diff --git a/doc/tools.texi b/doc/tools.texi
index 0acf4f49c..cff649752 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1,2165 +1,2190 @@
@c Copyright (C) 2004, 2008 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file GnuPG.texi.
@include defs.inc
@node Helper Tools
@chapter Helper Tools
GnuPG comes with a couple of smaller tools:
@menu
* watchgnupg:: Read logs from a socket.
* gpgv:: Verify OpenPGP signatures.
* addgnupghome:: Create .gnupg home directories.
* gpgconf:: Modify .gnupg home directories.
* applygnupgdefaults:: Run gpgconf for all users.
* gpg-preset-passphrase:: Put a passphrase into the cache.
* gpg-connect-agent:: Communicate with a running agent.
* dirmngr-client:: How to use the Dirmngr client tool.
* gpgparsemail:: Parse a mail message into an annotated format
* gpgtar:: Encrypt or sign files into an archive.
* gpg-check-pattern:: Check a passphrase on stdin against the patternfile.
@end menu
@c
@c WATCHGNUPG
@c
@manpage watchgnupg.1
@node watchgnupg
@section Read logs from a socket
@ifset manverb
.B watchgnupg
\- Read and print logs from a socket
@end ifset
@mansect synopsis
@ifset manverb
.B watchgnupg
.RB [ \-\-force ]
.RB [ \-\-verbose ]
.I socketname
@end ifset
@mansect description
Most of the main utilities are able to write their log files to a Unix
Domain socket if configured that way. @command{watchgnupg} is a simple
listener for such a socket. It ameliorates the output with a time stamp
and makes sure that long lines are not interspersed with log output from
other utilities. This tool is not available for Windows.
@noindent
@command{watchgnupg} is commonly invoked as
@example
watchgnupg
@end example
which is a shorthand for
@example
watchgnupg --force $(gpgconf --list-dirs socketdir)/S.log
@end example
To watch GnuPG running with a different home directory, use
@example
watchgnupg --homedir DIR
@end example
@manpause
@noindent
This starts it on the current terminal for listening on the standard
logging socket (this is commonly @file{/var/run/user/UID/gnupg/S.log}
or if no such user directory hierarchy exists @file{~/.gnupg/S.log}).
@mansect options
@noindent
@command{watchgnupg} understands these options:
@table @gnupgtabopt
@item --force
@opindex force
Delete an already existing socket file. This option is implicitly used
if no socket name has been given on the command line.
@item --homedir @var{DIR}
If no socket name is given on the command line, pass @var{DIR} to
gpgconf so that the socket for a GnuPG running with DIR has its home
directory is used. Note that the environment variable @var{GNUPGHOME}
is ignored by watchgnupg.
@anchor{option watchgnupg --tcp}
@item --tcp @var{n}
Instead of reading from a local socket, listen for connects on TCP
port @var{n}. A Unix domain socket can optionally also be given as a
second source. This option does not use a default socket name.
@item --time-only
@opindex time-only
Do not print the date part of the timestamp.
@item --verbose
@opindex verbose
Enable extra informational output.
@item --version
@opindex version
Print version of the program and exit.
@item --help
@opindex help
Display a brief help page and exit.
@end table
@noindent
@mansect examples
@chapheading Examples
@example
$ watchgnupg --time-only
@end example
This waits for connections on the local socket
(e.g. @file{/var/run/user/1234/gnupg/S.log}) and shows all log
entries. To make this work the option @option{log-file} needs to be
used with all modules which logs are to be shown. The suggested entry
for the configuration files is:
@example
log-file socket://
@end example
If the default socket as given above and returned by "echo $(gpgconf
--list-dirs socketdir)/S.log" is not desired an arbitrary socket name
can be specified, for example @file{socket:///home/foo/bar/mysocket}.
For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files:
@example
log-file tcp://192.168.1.1:4711
@end example
You may use any port and not just 4711 as shown above; only IP
addresses are supported (v4 and v6) and no host names. You need to
start @command{watchgnupg} with the @option{tcp} option. Note that
under Windows the registry entry
@var{HKCU\Software\GNU\GnuPG:DefaultLogFile} can be used to change the
default log output from @code{stderr} to whatever is given by that
entry. However the only useful entry is a TCP name for remote
debugging.
@mansect see also
@ifset isman
@command{gpg}(1),
@command{gpgsm}(1),
@command{gpg-agent}(1),
@command{scdaemon}(1)
@end ifset
@include see-also-note.texi
@c
@c GPGV
@c
@include gpgv.texi
@c
@c ADDGNUPGHOME
@c
@manpage addgnupghome.8
@node addgnupghome
@section Create .gnupg home directories
@ifset manverb
.B addgnupghome
\- Create .gnupg home directories
@end ifset
@mansect synopsis
@ifset manverb
.B addgnupghome
.I account_1
.IR account_2 ... account_n
@end ifset
@mansect description
If GnuPG is installed on a system with existing user accounts, it is
sometimes required to populate the GnuPG home directory with existing
files. Especially a @file{trustlist.txt} and a keybox with some
initial certificates are often desired. This script helps to do this
by copying all files from @file{/etc/skel/.gnupg} to the home
directories of the accounts given on the command line. It takes care
not to overwrite existing GnuPG home directories.
@noindent
@command{addgnupghome} is invoked by root as:
@example
addgnupghome account1 account2 ... accountn
@end example
@c
@c GPGCONF
@c
@manpage gpgconf.1
@node gpgconf
@section Modify .gnupg home directories
@ifset manverb
.B gpgconf
\- Modify .gnupg home directories
@end ifset
@mansect synopsis
@ifset manverb
.B gpgconf
.RI [ options ]
.B \-\-list-components
.br
.B gpgconf
.RI [ options ]
.B \-\-list-options
.I component
.br
.B gpgconf
.RI [ options ]
.B \-\-change-options
.I component
@end ifset
@mansect description
The @command{gpgconf} is a utility to automatically and reasonable
safely query and modify configuration files in the @file{.gnupg} home
directory. It is designed not to be invoked manually by the user, but
automatically by graphical user interfaces (GUI).@footnote{Please note
that currently no locking is done, so concurrent access should be
avoided. There are some precautions to avoid corruption with
concurrent usage, but results may be inconsistent and some changes may
get lost. The stateless design makes it difficult to provide more
guarantees.}
@command{gpgconf} provides access to the configuration of one or more
components of the GnuPG system. These components correspond more or
less to the programs that exist in the GnuPG framework, like GPG,
GPGSM, DirMngr, etc. But this is not a strict one-to-one
relationship. Not all configuration options are available through
@command{gpgconf}. @command{gpgconf} provides a generic and abstract
method to access the most important configuration options that can
feasibly be controlled via such a mechanism.
@command{gpgconf} can be used to gather and change the options
available in each component, and can also provide their default
values. @command{gpgconf} will give detailed type information that
can be used to restrict the user's input without making an attempt to
commit the changes.
@command{gpgconf} provides the backend of a configuration editor. The
configuration editor would usually be a graphical user interface
program that displays the current options, their default
values, and allows the user to make changes to the options. These
changes can then be made active with @command{gpgconf} again. Such a
program that uses @command{gpgconf} in this way will be called GUI
throughout this section.
@menu
* Invoking gpgconf:: List of all commands and options.
* Format conventions:: Formatting conventions relevant for all commands.
* Listing components:: List all gpgconf components.
* Checking programs:: Check all programs known to gpgconf.
* Listing options:: List all options of a component.
* Changing options:: Changing options of a component.
* Listing global options:: List all global options.
* Querying versions:: Get and compare software versions.
* Files used by gpgconf:: What files are used by gpgconf.
@end menu
@manpause
@node Invoking gpgconf
@subsection Invoking gpgconf
@mansect commands
One of the following commands must be given:
@table @gnupgtabopt
@item --list-components
List all components. This is the default command used if none is
specified.
@item --check-programs
List all available backend programs and test whether they are runnable.
@item --list-options @var{component}
List all options of the component @var{component}.
@item --change-options @var{component}
Change the options of the component @var{component}.
@item --check-options @var{component}
Check the options for the component @var{component}.
@item --apply-profile @var{file}
Apply the configuration settings listed in @var{file} to the
configuration files. If @var{file} has no suffix and no slashes the
command first tries to read a file with the suffix @code{.prf} from
the data directory (@code{gpgconf --list-dirs datadir}) before it
reads the file verbatim. A profile is divided into sections using the
bracketed component name. Each section then lists the option which
shall go into the respective configuration file.
@item --apply-defaults
Update all configuration files with values taken from the global
configuration file (usually @file{/etc/gnupg/gpgconf.conf}).
Note: This is a legacy mechanism. Please use global configuration
files instead.
@item --list-dirs [@var{names}]
@itemx -L
Lists the directories used by @command{gpgconf}. One directory is
listed per line, and each line consists of a colon-separated list where
the first field names the directory type (for example @code{sysconfdir})
and the second field contains the percent-escaped directory. Although
they are not directories, the socket file names used by
@command{gpg-agent} and @command{dirmngr} are printed as well. Note
that the socket file names and the @code{homedir} lines are the default
names and they may be overridden by command line switches. If
@var{names} are given only the directories or file names specified by
the list names are printed without any escaping.
@item --list-config [@var{filename}]
List the global configuration file in a colon separated format. If
@var{filename} is given, check that file instead.
@item --check-config [@var{filename}]
Run a syntax check on the global configuration file. If @var{filename}
is given, check that file instead.
@item --query-swdb @var{package_name} [@var{version_string}]
Returns the current version for @var{package_name} and if
@var{version_string} is given also an indicator on whether an update
is available. The actual file with the software version is
automatically downloaded and checked by @command{dirmngr}.
@command{dirmngr} uses a thresholds to avoid download the file too
often and it does this by default only if it can be done via Tor. To
force an update of that file this command can be used:
@example
gpg-connect-agent --dirmngr 'loadswdb --force' /bye
@end example
@item --reload [@var{component}]
@itemx -R
@opindex reload
Reload all or the given component. This is basically the same as
sending a SIGHUP to the component. Components which don't support
reloading are ignored. Without @var{component} or by using "all" for
@var{component} all components which are daemons are reloaded.
@item --launch [@var{component}]
@opindex launch
If the @var{component} is not already running, start it.
@command{component} must be a daemon. This is in general not required
because the system starts these daemons as needed. However, external
software making direct use of @command{gpg-agent} or @command{dirmngr}
may use this command to ensure that they are started. Using "all" for
@var{component} launches all components which are daemons.
@item --kill [@var{component}]
@itemx -K
@opindex kill
Kill the given component that runs as a daemon, including
@command{gpg-agent}, @command{dirmngr}, and @command{scdaemon}. A
@command{component} which does not run as a daemon will be ignored.
Using "all" for @var{component} kills all components running as
daemons. Note that as of now reload and kill have the same effect for
@command{scdaemon}.
@item --create-socketdir
@opindex create-socketdir
Create a directory for sockets below /run/user or /var/run/user. This
is command is only required if a non default home directory is used
and the /run based sockets shall be used. For the default home
directory GnUPG creates a directory on the fly.
@item --remove-socketdir
@opindex remove-socketdir
Remove a directory created with command @option{--create-socketdir}.
@end table
@mansect options
The following options may be used:
@table @gnupgtabopt
@item -o @var{file}
@itemx --output @var{file}
Write output to @var{file}. Default is to write to stdout.
@item -v
@itemx --verbose
Outputs additional information while running. Specifically, this
extends numerical field values by human-readable descriptions.
@item -q
@itemx --quiet
@opindex quiet
Try to be as quiet as possible.
@include opt-homedir.texi
@item --chuid @var{uid}
@opindex chuid
Change the current user to @var{uid} which may either be a number or a
name. This can be used from the root account to get information on
the GnuPG environment of the specified user or to start or kill
daemons. If @var{uid} is not the current UID a standard PATH is set
and the envvar GNUPGHOME is unset. To override the latter the option
@option{--homedir} can be used. This option has currently no effect
on Windows.
@item -n
@itemx --dry-run
Do not actually change anything. This is currently only implemented
for @code{--change-options} and can be used for testing purposes.
@item -r
@itemx --runtime
Only used together with @code{--change-options}. If one of the
modified options can be changed in a running daemon process, signal
the running daemon to ask it to reparse its configuration file after
changing.
This means that the changes will take effect at run-time, as far as
this is possible. Otherwise, they will take effect at the next start
of the respective backend programs.
@item --status-fd @var{n}
@opindex status-fd
Write special status strings to the file descriptor @var{n}. This
program returns the status messages SUCCESS or FAILURE which are
helpful when the caller uses a double fork approach and can't easily
get the return code of the process.
@manpause
@end table
@node Format conventions
@subsection Format conventions
Some lines in the output of @command{gpgconf} contain a list of
colon-separated fields. The following conventions apply:
@itemize @bullet
@item
The GUI program is required to strip off trailing newline and/or
carriage return characters from the output.
@item
@command{gpgconf} will never leave out fields. If a certain version
provides a certain field, this field will always be present in all
@command{gpgconf} versions from that time on.
@item
Future versions of @command{gpgconf} might append fields to the list.
New fields will always be separated from the previously last field by
a colon separator. The GUI should be prepared to parse the last field
it knows about up until a colon or end of line.
@item
Not all fields are defined under all conditions. You are required to
ignore the content of undefined fields.
@end itemize
There are several standard types for the content of a field:
@table @asis
@item verbatim
Some fields contain strings that are not escaped in any way. Such
fields are described to be used @emph{verbatim}. These fields will
never contain a colon character (for obvious reasons). No de-escaping
or other formatting is required to use the field content. This is for
easy parsing of the output, when it is known that the content can
never contain any special characters.
@item percent-escaped
Some fields contain strings that are described to be
@emph{percent-escaped}. Such strings need to be de-escaped before
their content can be presented to the user. A percent-escaped string
is de-escaped by replacing all occurrences of @code{%XY} by the byte
that has the hexadecimal value @code{XY}. @code{X} and @code{Y} are
from the set @code{0-9a-f}.
@item localized
Some fields contain strings that are described to be @emph{localized}.
Such strings are translated to the active language and formatted in
the active character set.
@item @w{unsigned number}
Some fields contain an @emph{unsigned number}. This number will
always fit into a 32-bit unsigned integer variable. The number may be
followed by a space, followed by a human readable description of that
value (if the verbose option is used). You should ignore everything
in the field that follows the number.
@item @w{signed number}
Some fields contain a @emph{signed number}. This number will always
fit into a 32-bit signed integer variable. The number may be followed
by a space, followed by a human readable description of that value (if
the verbose option is used). You should ignore everything in the
field that follows the number.
@item @w{boolean value}
Some fields contain a @emph{boolean value}. This is a number with
either the value 0 or 1. The number may be followed by a space,
followed by a human readable description of that value (if the verbose
option is used). You should ignore everything in the field that follows
the number; checking just the first character is sufficient in this
case.
@item option
Some fields contain an @emph{option} argument. The format of an
option argument depends on the type of the option and on some flags:
@table @asis
@item no argument
The simplest case is that the option does not take an argument at all
(@var{type} @code{0}). Then the option argument is an unsigned number
that specifies how often the option occurs. If the @code{list} flag
is not set, then the only valid number is @code{1}. Options that do
not take an argument never have the @code{default} or @code{optional
arg} flag set.
@item number
If the option takes a number argument (@var{alt-type} is @code{2} or
@code{3}), and it can only occur once (@code{list} flag is not set),
then the option argument is either empty (only allowed if the argument
is optional), or it is a number. A number is a string that begins
with an optional minus character, followed by one or more digits. The
number must fit into an integer variable (unsigned or signed,
depending on @var{alt-type}).
@item number list
If the option takes a number argument and it can occur more than once,
then the option argument is either empty, or it is a comma-separated
list of numbers as described above.
@item string
If the option takes a string argument (@var{alt-type} is 1), and it
can only occur once (@code{list} flag is not set) then the option
argument is either empty (only allowed if the argument is optional),
or it starts with a double quote character (@code{"}) followed by a
percent-escaped string that is the argument value. Note that there is
only a leading double quote character, no trailing one. The double
quote character is only needed to be able to differentiate between no
value and the empty string as value.
@item string list
If the option takes a string argument and it can occur more than once,
then the option argument is either empty, or it is a comma-separated
list of string arguments as described above.
@end table
@end table
The active language and character set are currently determined from
the locale environment of the @command{gpgconf} program.
@c FIXME: Document the active language and active character set. Allow
@c to change it via the command line?
@mansect usage
@node Listing components
@subsection Listing components
The command @code{--list-components} will list all components that can
be configured with @command{gpgconf}. Usually, one component will
correspond to one GnuPG-related program and contain the options of
that program's configuration file that can be modified using
@command{gpgconf}. However, this is not necessarily the case. A
component might also be a group of selected options from several
programs, or contain entirely virtual options that have a special
effect rather than changing exactly one option in one configuration
file.
A component is a set of configuration options that semantically belong
together. Furthermore, several changes to a component can be made in
an atomic way with a single operation. The GUI could for example
provide a menu with one entry for each component, or a window with one
tabulator sheet per component.
The command @code{--list-components} lists all available
components, one per line. The format of each line is:
@code{@var{name}:@var{description}:@var{pgmname}:}
@table @var
@item name
This field contains a name tag of the component. The name tag is used
to specify the component in all communication with @command{gpgconf}.
The name tag is to be used @emph{verbatim}. It is thus not in any
escaped format.
@item description
The @emph{string} in this field contains a human-readable description
of the component. It can be displayed to the user of the GUI for
informational purposes. It is @emph{percent-escaped} and
@emph{localized}.
@item pgmname
The @emph{string} in this field contains the absolute name of the
program's file. It can be used to unambiguously invoke that program.
It is @emph{percent-escaped}.
@end table
Example:
@example
$ gpgconf --list-components
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:
@end example
@node Checking programs
@subsection Checking programs
The command @code{--check-programs} is similar to
@code{--list-components} but works on backend programs and not on
components. It runs each program to test whether it is installed and
runnable. This also includes a syntax check of all config file options
of the program.
The command @code{--check-programs} lists all available
programs, one per line. The format of each line is:
@code{@var{name}:@var{description}:@var{pgmname}:@var{avail}:@var{okay}:@var{cfgfile}:@var{line}:@var{error}:}
@table @var
@item name
This field contains a name tag of the program which is identical to the
name of the component. The name tag is to be used @emph{verbatim}. It
is thus not in any escaped format. This field may be empty to indicate
a continuation of error descriptions for the last name. The description
and pgmname fields are then also empty.
@item description
The @emph{string} in this field contains a human-readable description
of the component. It can be displayed to the user of the GUI for
informational purposes. It is @emph{percent-escaped} and
@emph{localized}.
@item pgmname
The @emph{string} in this field contains the absolute name of the
program's file. It can be used to unambiguously invoke that program.
It is @emph{percent-escaped}.
@item avail
The @emph{boolean value} in this field indicates whether the program is
installed and runnable.
@item okay
The @emph{boolean value} in this field indicates whether the program's
config file is syntactically okay.
@item cfgfile
If an error occurred in the configuration file (as indicated by a false
value in the field @code{okay}), this field has the name of the failing
configuration file. It is @emph{percent-escaped}.
@item line
If an error occurred in the configuration file, this field has the line
number of the failing statement in the configuration file.
It is an @emph{unsigned number}.
@item error
If an error occurred in the configuration file, this field has the error
text of the failing statement in the configuration file. It is
@emph{percent-escaped} and @emph{localized}.
@end table
@noindent
In the following example the @command{dirmngr} is not runnable and the
configuration file of @command{scdaemon} is not okay.
@example
$ gpgconf --check-programs
gpg:GPG for OpenPGP:/usr/local/bin/gpg2:1:1:
gpg-agent:GPG Agent:/usr/local/bin/gpg-agent:1:1:
scdaemon:Smartcard Daemon:/usr/local/bin/scdaemon:1:0:
gpgsm:GPG for S/MIME:/usr/local/bin/gpgsm:1:1:
dirmngr:Directory Manager:/usr/local/bin/dirmngr:0:0:
@end example
@noindent
The command @w{@code{--check-options @var{component}}} will verify the
configuration file in the same manner as @code{--check-programs}, but
only for the component @var{component}.
@node Listing options
@subsection Listing options
Every component contains one or more options. Options may be gathered
into option groups to allow the GUI to give visual hints to the user
about which options are related.
The command @code{@w{--list-options @var{component}}} lists
all options (and the groups they belong to) in the component
@var{component}, one per line. @var{component} must be the string in
the field @var{name} in the output of the @code{--list-components}
command.
There is one line for each option and each group. First come all
options that are not in any group. Then comes a line describing a
group. Then come all options that belong into each group. Then comes
the next group and so on. There does not need to be any group (and in
this case the output will stop after the last non-grouped option).
The format of each line is:
@code{@var{name}:@var{flags}:@var{level}:@var{description}:@var{type}:@var{alt-type}:@var{argname}:@var{default}:@var{argdef}:@var{value}}
@table @var
@item name
This field contains a name tag for the group or option. The name tag
is used to specify the group or option in all communication with
@command{gpgconf}. The name tag is to be used @emph{verbatim}. It is
thus not in any escaped format.
@item flags
The flags field contains an @emph{unsigned number}. Its value is the
OR-wise combination of the following flag values:
@table @code
@item group (1)
If this flag is set, this is a line describing a group and not an
option.
@end table
The following flag values are only defined for options (that is, if
the @code{group} flag is not used).
@table @code
@item optional arg (2)
If this flag is set, the argument is optional. This is never set for
@var{type} @code{0} (none) options.
@item list (4)
If this flag is set, the option can be given multiple times.
@item runtime (8)
If this flag is set, the option can be changed at runtime.
@item default (16)
If this flag is set, a default value is available.
@item default desc (32)
If this flag is set, a (runtime) default is available. This and the
@code{default} flag are mutually exclusive.
@item no arg desc (64)
If this flag is set, and the @code{optional arg} flag is set, then the
option has a special meaning if no argument is given.
@item no change (128)
If this flag is set, @command{gpgconf} ignores requests to change the
value. GUI frontends should grey out this option. Note, that manual
changes of the configuration files are still possible.
@end table
@item level
This field is defined for options and for groups. It contains an
@emph{unsigned number} that specifies the expert level under which
this group or option should be displayed. The following expert levels
are defined for options (they have analogous meaning for groups):
@table @code
@item basic (0)
This option should always be offered to the user.
@item advanced (1)
This option may be offered to advanced users.
@item expert (2)
This option should only be offered to expert users.
@item invisible (3)
This option should normally never be displayed, not even to expert
users.
@item internal (4)
This option is for internal use only. Ignore it.
@end table
The level of a group will always be the lowest level of all options it
contains.
@item description
This field is defined for options and groups. The @emph{string} in
this field contains a human-readable description of the option or
group. It can be displayed to the user of the GUI for informational
purposes. It is @emph{percent-escaped} and @emph{localized}.
@item type
This field is only defined for options. It contains an @emph{unsigned
number} that specifies the type of the option's argument, if any. The
following types are defined:
Basic types:
@table @code
@item none (0)
No argument allowed.
@item string (1)
An @emph{unformatted string}.
@item int32 (2)
A @emph{signed number}.
@item uint32 (3)
An @emph{unsigned number}.
@end table
Complex types:
@table @code
@item pathname (32)
A @emph{string} that describes the pathname of a file. The file does
not necessarily need to exist.
@item ldap server (33)
A @emph{string} that describes an LDAP server in the format:
@code{@var{hostname}:@var{port}:@var{username}:@var{password}:@var{base_dn}}
@item key fingerprint (34)
A @emph{string} with a 40 digit fingerprint specifying a certificate.
@item pub key (35)
A @emph{string} that describes a certificate by user ID, key ID or
fingerprint.
@item sec key (36)
A @emph{string} that describes a certificate with a key by user ID,
key ID or fingerprint.
@item alias list (37)
A @emph{string} that describes an alias list, like the one used with
gpg's group option. The list consists of a key, an equal sign and space
separated values.
@end table
More types will be added in the future. Please see the @var{alt-type}
field for information on how to cope with unknown types.
@item alt-type
This field is identical to @var{type}, except that only the types
@code{0} to @code{31} are allowed. The GUI is expected to present the
user the option in the format specified by @var{type}. But if the
argument type @var{type} is not supported by the GUI, it can still
display the option in the more generic basic type @var{alt-type}. The
GUI must support all the defined basic types to be able to display all
options. More basic types may be added in future versions. If the
GUI encounters a basic type it doesn't support, it should report an
error and abort the operation.
@item argname
This field is only defined for options with an argument type
@var{type} that is not @code{0}. In this case it may contain a
@emph{percent-escaped} and @emph{localized string} that gives a short
name for the argument. The field may also be empty, though, in which
case a short name is not known.
@item default
This field is defined only for options for which the @code{default} or
@code{default desc} flag is set. If the @code{default} flag is set,
its format is that of an @emph{option argument} (@pxref{Format
conventions}, for details). If the default value is empty, then no
default is known. Otherwise, the value specifies the default value
for this option. If the @code{default desc} flag is set, the field is
either empty or contains a description of the effect if the option is
not given.
@item argdef
This field is defined only for options for which the @code{optional
arg} flag is set. If the @code{no arg desc} flag is not set, its
format is that of an @emph{option argument} (@pxref{Format
conventions}, for details). If the default value is empty, then no
default is known. Otherwise, the value specifies the default argument
for this option. If the @code{no arg desc} flag is set, the field is
either empty or contains a description of the effect of this option if
no argument is given.
@item value
This field is defined only for options. Its format is that of an
@emph{option argument}. If it is empty, then the option is not
explicitly set in the current configuration, and the default applies
(if any). Otherwise, it contains the current value of the option.
Note that this field is also meaningful if the option itself does not
take a real argument (in this case, it contains the number of times
the option appears).
@end table
@node Changing options
@subsection Changing options
The command @w{@code{--change-options @var{component}}} will attempt
to change the options of the component @var{component} to the
specified values. @var{component} must be the string in the field
@var{name} in the output of the @code{--list-components} command. You
have to provide the options that shall be changed in the following
format on standard input:
@code{@var{name}:@var{flags}:@var{new-value}}
@table @var
@item name
This is the name of the option to change. @var{name} must be the
string in the field @var{name} in the output of the
@code{--list-options} command.
@item flags
The flags field contains an @emph{unsigned number}. Its value is the
OR-wise combination of the following flag values:
@table @code
@item default (16)
If this flag is set, the option is deleted and the default value is
used instead (if applicable).
@end table
@item new-value
The new value for the option. This field is only defined if the
@code{default} flag is not set. The format is that of an @emph{option
argument}. If it is empty (or the field is omitted), the default
argument is used (only allowed if the argument is optional for this
option). Otherwise, the option will be set to the specified value.
@end table
@noindent
The output of the command is the same as that of
@code{--check-options} for the modified configuration file.
Examples:
To set the force option, which is of basic type @code{none (0)}:
@example
$ echo 'force:0:1' | gpgconf --change-options dirmngr
@end example
To delete the force option:
@example
$ echo 'force:16:' | gpgconf --change-options dirmngr
@end example
The @code{--runtime} option can influence when the changes take
effect.
@node Listing global options
@subsection Listing global options
Some legacy applications look at the global configuration file for the
gpgconf tool itself; this is the file @file{gpgconf.conf}. Modern
applications should not use it but use per component global
configuration files which are more flexible than the
@file{gpgconf.conf}. Using both files is not suggested.
The colon separated listing format is record oriented and uses the first
field to identify the record type:
@table @code
@item k
This describes a key record to start the definition of a new ruleset for
a user/group. The format of a key record is:
@code{k:@var{user}:@var{group}:}
@table @var
@item user
This is the user field of the key. It is percent escaped. See the
definition of the gpgconf.conf format for details.
@item group
This is the group field of the key. It is percent escaped.
@end table
@item r
This describes a rule record. All rule records up to the next key record
make up a rule set for that key. The format of a rule record is:
@code{r:::@var{component}:@var{option}:@var{flag}:@var{value}:}
@table @var
@item component
This is the component part of a rule. It is a plain string.
@item option
This is the option part of a rule. It is a plain string.
@item flag
This is the flags part of a rule. There may be only one flag per rule
but by using the same component and option, several flags may be
assigned to an option. It is a plain string.
@item value
This is the optional value for the option. It is a percent escaped
string with a single quotation mark to indicate a string. The quotation
mark is only required to distinguish between no value specified and an
empty string.
@end table
@end table
@noindent
Unknown record types should be ignored. Note that there is intentionally
no feature to change the global option file through @command{gpgconf}.
@node Querying versions
@subsection Get and compare software versions.
The GnuPG Project operates a server to query the current versions of
software packages related to GnuPG. @command{gpgconf} can be used to
access this online database. To allow for offline operations, this
feature works by having @command{dirmngr} download a file from
@code{https://versions.gnupg.org}, checking the signature of that file
and storing the file in the GnuPG home directory. If
@command{gpgconf} is used and @command{dirmngr} is running, it may ask
@command{dirmngr} to refresh that file before itself uses the file.
The command @option{--query-swdb} returns information for the given
package in a colon delimited format:
@table @var
@item name
This is the name of the package as requested. Note that "gnupg" is a
special name which is replaced by the actual package implementing this
version of GnuPG. For this name it is also not required to specify a
version because @command{gpgconf} takes its own version in this case.
@item iversion
The currently installed version or an empty string. The value is
taken from the command line argument but may be provided by gpg
if not given.
@item status
The status of the software package according to this table:
@table @code
@item -
No information available. This is either because no current version
has been specified or due to an error.
@item ?
The given name is not known in the online database.
@item u
An update of the software is available.
@item c
The installed version of the software is current.
@item n
The installed version is already newer than the released version.
@end table
@item urgency
If the value (the empty string should be considered as zero) is
greater than zero an important update is available.
@item error
This returns an @command{gpg-error} error code to distinguish between
various failure modes.
@item filedate
This gives the date of the file with the version numbers in standard
ISO format (@code{yyyymmddThhmmss}). The date has been extracted by
@command{dirmngr} from the signature of the file.
@item verified
This gives the date in ISO format the file was downloaded. This value
can be used to evaluate the freshness of the information.
@item version
This returns the version string for the requested software from the
file.
@item reldate
This returns the release date in ISO format.
@item size
This returns the size of the package as decimal number of bytes.
@item hash
This returns a hexified SHA-2 hash of the package.
@end table
@noindent
More fields may be added in future to the output.
@mansect files
@node Files used by gpgconf
@subsection Files used by gpgconf
@table @file
@item /etc/gnupg/gpgconf.conf
@cindex gpgconf.conf
If this file exists, it is processed as a global configuration file.
This is a legacy mechanism which should not be used tigether with
the modern global per component configuration files. A commented
example can be found in the @file{examples} directory of the
distribution.
@item @var{GNUPGHOME}/swdb.lst
@cindex swdb.lst
A file with current software versions. @command{dirmngr} creates
this file on demand from an online resource.
@end table
@mansect see also
@ifset isman
@command{gpg}(1),
@command{gpgsm}(1),
@command{gpg-agent}(1),
@command{scdaemon}(1),
@command{dirmngr}(1)
@end ifset
@include see-also-note.texi
@c
@c APPLYGNUPGDEFAULTS
@c
@manpage applygnupgdefaults.8
@node applygnupgdefaults
@section Run gpgconf for all users
@ifset manverb
.B applygnupgdefaults
\- Run gpgconf --apply-defaults for all users.
@end ifset
@mansect synopsis
@ifset manverb
.B applygnupgdefaults
@end ifset
@mansect description
This is a legacy script. Modern application should use the per
component global configuration files under @file{/etc/gnupg/}.
This script is a wrapper around @command{gpgconf} to run it with the
command @code{--apply-defaults} for all real users with an existing
GnuPG home directory. Admins might want to use this script to update he
GnuPG configuration files for all users after
@file{/etc/gnupg/gpgconf.conf} has been changed. This allows enforcing
certain policies for all users. Note, that this is not a bulletproof way to
force a user to use certain options. A user may always directly edit
the configuration files and bypass gpgconf.
@noindent
@command{applygnupgdefaults} is invoked by root as:
@example
applygnupgdefaults
@end example
@c
@c GPG-PRESET-PASSPHRASE
@c
@node gpg-preset-passphrase
@section Put a passphrase into the cache
@manpage gpg-preset-passphrase.1
@ifset manverb
.B gpg-preset-passphrase
\- Put a passphrase into gpg-agent's cache
@end ifset
@mansect synopsis
@ifset manverb
.B gpg-preset-passphrase
.RI [ options ]
.RI [ command ]
.I cache-id
@end ifset
@mansect description
The @command{gpg-preset-passphrase} is a utility to seed the internal
cache of a running @command{gpg-agent} with passphrases. It is mainly
useful for unattended machines, where the usual @command{pinentry} tool
may not be used and the passphrases for the to be used keys are given at
machine startup.
This program works with GnuPG 2 and later. GnuPG 1.x is not supported.
Passphrases set with this utility don't expire unless the
@option{--forget} option is used to explicitly clear them from the
cache --- or @command{gpg-agent} is either restarted or reloaded (by
sending a SIGHUP to it). Note that the maximum cache time as set with
@option{--max-cache-ttl} is still honored. It is necessary to allow
this passphrase presetting by starting @command{gpg-agent} with the
@option{--allow-preset-passphrase}.
@menu
* Invoking gpg-preset-passphrase:: List of all commands and options.
@end menu
@manpause
@node Invoking gpg-preset-passphrase
@subsection List of all commands and options
@mancont
@noindent
@command{gpg-preset-passphrase} is invoked this way:
@example
gpg-preset-passphrase [options] [command] @var{cacheid}
@end example
@var{cacheid} is either a 40 character keygrip of hexadecimal
characters identifying the key for which the passphrase should be set
or cleared. The keygrip is listed along with the key when running the
command: @code{gpgsm --with-keygrip --list-secret-keys}.
Alternatively an arbitrary string may be used to identify a
passphrase; it is suggested that such a string is prefixed with the
name of the application (e.g @code{foo:12346}). Scripts should always
use the option @option{--with-colons}, which provides the keygrip in a
"grp" line (cf. @file{doc/DETAILS})/
@noindent
One of the following command options must be given:
@table @gnupgtabopt
@item --preset
@opindex preset
Preset a passphrase. This is what you usually will
use. @command{gpg-preset-passphrase} will then read the passphrase from
@code{stdin}.
@item --forget
@opindex forget
Flush the passphrase for the given cache ID from the cache.
@end table
@noindent
The following additional options may be used:
@table @gnupgtabopt
@item -v
@itemx --verbose
@opindex verbose
Output additional information while running.
@item -P @var{string}
@itemx --passphrase @var{string}
@opindex passphrase
Instead of reading the passphrase from @code{stdin}, use the supplied
@var{string} as passphrase. Note that this makes the passphrase visible
for other users.
@end table
@mansect see also
@ifset isman
@command{gpg}(1),
@command{gpgsm}(1),
@command{gpg-agent}(1),
@command{scdaemon}(1)
@end ifset
@include see-also-note.texi
@c
@c GPG-CONNECT-AGENT
@c
@node gpg-connect-agent
@section Communicate with a running agent
@manpage gpg-connect-agent.1
@ifset manverb
.B gpg-connect-agent
\- Communicate with a running agent
@end ifset
@mansect synopsis
@ifset manverb
.B gpg-connect-agent
.RI [ options ] [commands]
@end ifset
@mansect description
The @command{gpg-connect-agent} is a utility to communicate with a
running @command{gpg-agent}. It is useful to check out the commands
@command{gpg-agent} provides using the Assuan interface. It might
also be useful for scripting simple applications. Input is expected
at stdin and output gets printed to stdout.
It is very similar to running @command{gpg-agent} in server mode; but
here we connect to a running instance.
@menu
* Invoking gpg-connect-agent:: List of all options.
* Controlling gpg-connect-agent:: Control commands.
@end menu
@manpause
@node Invoking gpg-connect-agent
@subsection List of all options
@noindent
@command{gpg-connect-agent} is invoked this way:
@example
gpg-connect-agent [options] [commands]
@end example
@mancont
@noindent
The following options may be used:
@table @gnupgtabopt
@item --dirmngr
@opindex dirmngr
Connect to a running directory manager (keyserver client) instead of
to the gpg-agent. If a dirmngr is not running, start it.
@item --keyboxd
@opindex keyboxd
Connect to a running keybox daemon instead of
to the gpg-agent. If a keyboxd is not running, start it.
@item -S
@itemx --raw-socket @var{name}
@opindex raw-socket
Connect to socket @var{name} assuming this is an Assuan style server.
Do not run any special initializations or environment checks. This may
be used to directly connect to any Assuan style socket server.
@item -E
@itemx --exec
@opindex exec
Take the rest of the command line as a program and it's arguments and
execute it as an Assuan server. Here is how you would run @command{gpgsm}:
@smallexample
gpg-connect-agent --exec gpgsm --server
@end smallexample
Note that you may not use options on the command line in this case.
@item -v
@itemx --verbose
@opindex verbose
Output additional information while running.
@item -q
@item --quiet
@opindex q
@opindex quiet
Try to be as quiet as possible.
@include opt-homedir.texi
@item --chuid @var{uid}
@opindex chuid
Change the current user to @var{uid} which may either be a number or a
name. This can be used from the root account to run gpg-connect-agent
for another user. If @var{uid} is not the current UID a standard PATH
is set and the envvar GNUPGHOME is unset. To override the latter the
option @option{--homedir} can be used. This option has only an effect
when used on the command line. This option has currently no effect at
all on Windows.
@item --no-ext-connect
@opindex no-ext-connect
When using @option{-S} or @option{--exec}, @command{gpg-connect-agent}
connects to the Assuan server in extended mode to allow descriptor
passing. This option makes it use the old mode.
@item --no-autostart
@opindex no-autostart
Do not start the gpg-agent or the dirmngr if it has not yet been
started.
@item --no-history
@opindex --no-history
In interactive mode the command line history is usually saved and
restored to and from a file below the GnuPG home directory. This
option inhibits the use of that file.
@item --agent-program @var{file}
@opindex agent-program
Specify the agent program to be started if none is running. The
default value is determined by running @command{gpgconf} with the
option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is
used for a regression test suite hack and may thus not be used in the
file name.
@item --dirmngr-program @var{file}
@opindex dirmngr-program
Specify the directory manager (keyserver client) program to be started
if none is running. This has only an effect if used together with the
option @option{--dirmngr}.
@item --keyboxd-program @var{file}
@opindex keyboxd-program
Specify the keybox daemon program to be started if none is running.
This has only an effect if used together with the option
@option{--keyboxd}.
@item -r @var{file}
@itemx --run @var{file}
@opindex run
Run the commands from @var{file} at startup and then continue with the
regular input method. Note, that commands given on the command line are
executed after this file.
@item -s
@itemx --subst
@opindex subst
Run the command @code{/subst} at startup.
@item --hex
@opindex hex
Print data lines in a hex format and the ASCII representation of
non-control characters.
@item --decode
@opindex decode
Decode data lines. That is to remove percent escapes but make sure that
a new line always starts with a D and a space.
@end table
@mansect control commands
@node Controlling gpg-connect-agent
@subsection Control commands
While reading Assuan commands, gpg-agent also allows a few special
commands to control its operation. These control commands all start
with a slash (@code{/}).
@table @code
@item /echo @var{args}
Just print @var{args}.
@item /let @var{name} @var{value}
Set the variable @var{name} to @var{value}. Variables are only
substituted on the input if the @command{/subst} has been used.
Variables are referenced by prefixing the name with a dollar sign and
optionally include the name in curly braces. The rules for a valid name
are identically to those of the standard bourne shell. This is not yet
enforced but may be in the future. When used with curly braces no
leading or trailing white space is allowed.
If a variable is not found, it is searched in the environment and if
found copied to the table of variables.
Variable functions are available: The name of the function must be
followed by at least one space and the at least one argument. The
following functions are available:
@table @code
@item get
Return a value described by the argument. Available arguments are:
@table @code
@item cwd
The current working directory.
@item homedir
The gnupg homedir.
@item sysconfdir
GnuPG's system configuration directory.
@item bindir
GnuPG's binary directory.
@item libdir
GnuPG's library directory.
@item libexecdir
GnuPG's library directory for executable files.
@item datadir
GnuPG's data directory.
@item serverpid
The PID of the current server. Command @command{/serverpid} must
have been given to return a useful value.
@end table
@item unescape @var{args}
Remove C-style escapes from @var{args}. Note that @code{\0} and
@code{\x00} terminate the returned string implicitly. The string to be
converted are the entire arguments right behind the delimiting space of
the function name.
@item unpercent @var{args}
@itemx unpercent+ @var{args}
Remove percent style escaping from @var{args}. Note that @code{%00}
terminates the string implicitly. The string to be converted are the
entire arguments right behind the delimiting space of the function
name. @code{unpercent+} also maps plus signs to a spaces.
@item percent @var{args}
@itemx percent+ @var{args}
Escape the @var{args} using percent style escaping. Tabs, formfeeds,
linefeeds, carriage returns and colons are escaped. @code{percent+} also
maps spaces to plus signs.
@item errcode @var{arg}
@itemx errsource @var{arg}
@itemx errstring @var{arg}
Assume @var{arg} is an integer and evaluate it using @code{strtol}. Return
the gpg-error error code, error source or a formatted string with the
error code and error source.
@item +
@itemx -
@itemx *
@itemx /
@itemx %
Evaluate all arguments as long integers using @code{strtol} and apply
this operator. A division by zero yields an empty string.
@item !
@itemx |
@itemx &
Evaluate all arguments as long integers using @code{strtol} and apply
the logical operators NOT, OR or AND. The NOT operator works on the
last argument only.
@end table
@item /definq @var{name} @var{var}
Use content of the variable @var{var} for inquiries with @var{name}.
@var{name} may be an asterisk (@code{*}) to match any inquiry.
@item /definqfile @var{name} @var{file}
Use content of @var{file} for inquiries with @var{name}.
@var{name} may be an asterisk (@code{*}) to match any inquiry.
@item /definqprog @var{name} @var{prog}
Run @var{prog} for inquiries matching @var{name} and pass the
entire line to it as command line arguments.
@item /datafile @var{name}
Write all data lines from the server to the file @var{name}. The file
is opened for writing and created if it does not exists. An existing
file is first truncated to 0. The data written to the file fully
decoded. Using a single dash for @var{name} writes to stdout. The
file is kept open until a new file is set using this command or this
command is used without an argument.
@item /showdef
Print all definitions
@item /cleardef
Delete all definitions
@item /sendfd @var{file} @var{mode}
Open @var{file} in @var{mode} (which needs to be a valid @code{fopen}
mode string) and send the file descriptor to the server. This is
usually followed by a command like @code{INPUT FD} to set the
input source for other commands.
@item /recvfd
Not yet implemented.
@item /open @var{var} @var{file} [@var{mode}]
Open @var{file} and assign the file descriptor to @var{var}. Warning:
This command is experimental and might change in future versions.
@item /close @var{fd}
Close the file descriptor @var{fd}. Warning: This command is
experimental and might change in future versions.
@item /showopen
Show a list of open files.
@item /serverpid
Send the Assuan command @command{GETINFO pid} to the server and store
the returned PID for internal purposes.
@item /sleep
Sleep for a second.
@item /hex
@itemx /nohex
Same as the command line option @option{--hex}.
@item /decode
@itemx /nodecode
Same as the command line option @option{--decode}.
@item /subst
@itemx /nosubst
Enable and disable variable substitution. It defaults to disabled
unless the command line option @option{--subst} has been used.
If /subst as been enabled once, leading whitespace is removed from
input lines which makes scripts easier to read.
@item /while @var{condition}
@itemx /end
These commands provide a way for executing loops. All lines between
the @code{while} and the corresponding @code{end} are executed as long
as the evaluation of @var{condition} yields a non-zero value or is the
string @code{true} or @code{yes}. The evaluation is done by passing
@var{condition} to the @code{strtol} function. Example:
@smallexample
/subst
/let i 3
/while $i
/echo loop counter is $i
/let i $@{- $i 1@}
/end
@end smallexample
@item /if @var{condition}
@itemx /end
These commands provide a way for conditional execution. All lines between
the @code{if} and the corresponding @code{end} are executed only if
the evaluation of @var{condition} yields a non-zero value or is the
string @code{true} or @code{yes}. The evaluation is done by passing
@var{condition} to the @code{strtol} function.
@item /run @var{file}
Run commands from @var{file}.
@item /history --clear
Clear the command history.
@item /bye
Terminate the connection and the program.
@item /help
Print a list of available control commands.
@end table
@ifset isman
@mansect see also
@command{gpg-agent}(1),
@command{scdaemon}(1)
@include see-also-note.texi
@end ifset
@c
@c DIRMNGR-CLIENT
@c
@node dirmngr-client
@section The Dirmngr Client Tool
@manpage dirmngr-client.1
@ifset manverb
.B dirmngr-client
\- Tool to access the Dirmngr services
@end ifset
@mansect synopsis
@ifset manverb
.B dirmngr-client
.RI [ options ]
.RI [ certfile | pattern ]
@end ifset
@mansect description
The @command{dirmngr-client} is a simple tool to contact a running
dirmngr and test whether a certificate has been revoked --- either by
being listed in the corresponding CRL or by running the OCSP protocol.
If no dirmngr is running, a new instances will be started but this is
in general not a good idea due to the huge performance overhead.
@noindent
The usual way to run this tool is either:
@example
dirmngr-client @var{acert}
@end example
@noindent
or
@example
dirmngr-client <@var{acert}
@end example
Where @var{acert} is one DER encoded (binary) X.509 certificates to be
tested.
@ifclear isman
The return value of this command is
@end ifclear
@mansect return value
@ifset isman
@command{dirmngr-client} returns these values:
@end ifset
@table @code
@item 0
The certificate under question is valid; i.e. there is a valid CRL
available and it is not listed there or the OCSP request returned that
that certificate is valid.
@item 1
The certificate has been revoked
@item 2 (and other values)
There was a problem checking the revocation state of the certificate.
A message to stderr has given more detailed information. Most likely
this is due to a missing or expired CRL or due to a network problem.
@end table
@mansect options
@noindent
@command{dirmngr-client} may be called with the following options:
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information. Note that you cannot
abbreviate this command.
@item --help, -h
@opindex help
Print a usage message summarizing the most useful command-line options.
Note that you cannot abbreviate this command.
@item --quiet, -q
@opindex quiet
Make the output extra brief by suppressing any informational messages.
@item -v
@item --verbose
@opindex v
@opindex verbose
Outputs additional information while running.
You can increase the verbosity by giving several
verbose commands to @sc{dirmngr}, such as @samp{-vv}.
@item --pem
@opindex pem
Assume that the given certificate is in PEM (armored) format.
@item --ocsp
@opindex ocsp
Do the check using the OCSP protocol and ignore any CRLs.
@item --force-default-responder
@opindex force-default-responder
When checking using the OCSP protocol, force the use of the default OCSP
responder. That is not to use the Reponder as given by the certificate.
@item --ping
@opindex ping
Check whether the dirmngr daemon is up and running.
@item --cache-cert
@opindex cache-cert
Put the given certificate into the cache of a running dirmngr. This is
mainly useful for debugging.
@item --validate
@opindex validate
Validate the given certificate using dirmngr's internal validation code.
This is mainly useful for debugging.
@item --load-crl
@opindex load-crl
This command expects a list of filenames with DER encoded CRL files.
With the option @option{--url} URLs are expected in place of filenames
and they are loaded directly from the given location. All CRLs will be
validated and then loaded into dirmngr's cache.
@item --lookup
@opindex lookup
Take the remaining arguments and run a lookup command on each of them.
The results are Base-64 encoded outputs (without header lines). This
may be used to retrieve certificates from a server. However the output
format is not very well suited if more than one certificate is returned.
@item --url
@itemx -u
@opindex url
Modify the @command{lookup} and @command{load-crl} commands to take an URL.
@item --local
@itemx -l
@opindex url
Let the @command{lookup} command only search the local cache.
@item --squid-mode
@opindex squid-mode
Run @sc{dirmngr-client} in a mode suitable as a helper program for
Squid's @option{external_acl_type} option.
@end table
@ifset isman
@mansect see also
@command{dirmngr}(8),
@command{gpgsm}(1)
@include see-also-note.texi
@end ifset
@c
@c GPGPARSEMAIL
@c
@node gpgparsemail
@section Parse a mail message into an annotated format
@manpage gpgparsemail.1
@ifset manverb
.B gpgparsemail
\- Parse a mail message into an annotated format
@end ifset
@mansect synopsis
@ifset manverb
.B gpgparsemail
.RI [ options ]
.RI [ file ]
@end ifset
@mansect description
The @command{gpgparsemail} is a utility currently only useful for
debugging. Run it with @code{--help} for usage information.
@c
@c GPGTAR
@c
@manpage gpgtar.1
@node gpgtar
@section Encrypt or sign files into an archive
@ifset manverb
.B gpgtar
\- Encrypt or sign files into an archive
@end ifset
@mansect synopsis
@ifset manverb
.B gpgtar
.RI [ options ]
.I filename1
.I [ filename2, ... ]
.I directory1
.I [ directory2, ... ]
@end ifset
@mansect description
@command{gpgtar} encrypts or signs files into an archive. It is an
gpg-ized tar using the same format as used by PGP's PGP Zip.
@manpause
@noindent
@command{gpgtar} is invoked this way:
@example
gpgtar [options] @var{filename1} [@var{filename2}, ...] @var{directory} [@var{directory2}, ...]
@end example
@mansect options
@noindent
@command{gpgtar} understands these options:
@table @gnupgtabopt
@item --create
@opindex create
Put given files and directories into a vanilla ``ustar'' archive.
@item --extract
@opindex extract
Extract all files from a vanilla ``ustar'' archive.
@item --encrypt
@itemx -e
@opindex encrypt
Encrypt given files and directories into an archive. This option may
be combined with option @option{--symmetric} for an archive that may
be decrypted via a secret key or a passphrase.
@item --decrypt
@itemx -d
@opindex decrypt
Extract all files from an encrypted archive.
@item --sign
@itemx -s
Make a signed archive from the given files and directories. This can
be combined with option @option{--encrypt} to create a signed and then
encrypted archive.
@item --list-archive
@itemx -t
@opindex list-archive
List the contents of the specified archive.
@item --symmetric
@itemx -c
Encrypt with a symmetric cipher using a passphrase. The default
symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
@option{--cipher-algo} option to @command{gpg}.
@item --recipient @var{user}
@itemx -r @var{user}
@opindex recipient
Encrypt for user id @var{user}. For details see @command{gpg}.
@item --local-user @var{user}
@itemx -u @var{user}
@opindex local-user
Use @var{user} as the key to sign with. For details see @command{gpg}.
@item --output @var{file}
@itemx -o @var{file}
@opindex output
Write the archive to the specified file @var{file}.
@item --verbose
@itemx -v
@opindex verbose
Enable extra informational output.
@item --quiet
@itemx -q
@opindex quiet
Try to be as quiet as possible.
@item --skip-crypto
@opindex skip-crypto
Skip all crypto operations and create or extract vanilla ``ustar''
archives.
@item --dry-run
@opindex dry-run
Do not actually output the extracted files.
@item --directory @var{dir}
@itemx -C @var{dir}
@opindex directory
Extract the files into the directory @var{dir}. The default is to
take the directory name from the input filename. If no input filename
is known a directory named @file{GPGARCH} is used. For tarball
creation, switch to directory @var{dir} before performing any
operations.
@item --files-from @var{file}
@itemx -T @var{file}
Take the file names to work from the file @var{file}; one file per
line.
@item --null
@opindex null
Modify option @option{--files-from} to use a binary nul instead of a
linefeed to separate file names.
@item --utf8-strings
@opindex utf8-strings
Assume that the file names read by @option{--files-from} are UTF-8
encoded. This option has an effect only on Windows where the active
code page is otherwise assumed.
@item --openpgp
@opindex openpgp
This option has no effect because OpenPGP encryption and signing is
the default.
@item --cms
@opindex cms
This option is reserved and shall not be used. It will eventually be
used to encrypt or sign using the CMS protocol; but that is not yet
implemented.
+@item --batch
+@opindex batch
+Use batch mode. Never ask but use the default action. This option is
+passed directly to @command{gpg}.
+
+@item --yes
+@opindex yes
+Assume "yes" on most questions. Often used together with
+@option{--batch} to overwrite existing files. This option is passed
+directly to @command{gpg}.
+
+@item --no
+@opindex no
+Assume "no" on most questions. This option is passed directly to
+@command{gpg}.
+
+@item --require-compliance
+@opindex require-compliance
+This option is passed directly to @command{gpg}.
+
+@item --status-fd @var{n}
+@opindex status-fd
+Write special status strings to the file descriptor @var{n}.
+See the file DETAILS in the documentation for a listing of them.
+
@item --set-filename @var{file}
@opindex set-filename
Use the last component of @var{file} as the output directory. The
default is to take the directory name from the input filename. If no
input filename is known a directory named @file{GPGARCH} is used.
This option is deprecated in favor of option @option{--directory}.
@item --gpg @var{gpgcmd}
@opindex gpg
Use the specified command @var{gpgcmd} instead of @command{gpg}.
@item --gpg-args @var{args}
@opindex gpg-args
Pass the specified extra options to @command{gpg}.
@item --tar-args @var{args}
@opindex tar-args
Assume @var{args} are standard options of the command @command{tar}
and parse them. The only supported tar options are "--directory",
"--files-from", and "--null" This is an obsolete options because those
supported tar options can also be given directly.
@item --tar @var{command}
@opindex tar
This is a dummy option for backward compatibility.
@c ... to the gpg-zip script we provided in the past
@item --version
@opindex version
Print version of the program and exit.
@item --help
@opindex help
Display a brief help page and exit.
@end table
@mansect diagnostics
@noindent
The program returns 0 if everything was fine, 1 otherwise.
@mansect examples
@ifclear isman
@noindent
Some examples:
@end ifclear
@noindent
Encrypt the contents of directory @file{mydocs} for user Bob to file
@file{test1}:
@example
gpgtar --encrypt --output test1 -r Bob mydocs
@end example
@noindent
List the contents of archive @file{test1}:
@example
gpgtar --list-archive test1
@end example
@mansect see also
@ifset isman
@command{gpg}(1),
@command{tar}(1),
@end ifset
@include see-also-note.texi
@c
@c GPG-CHECK-PATTERN
@c
@manpage gpg-check-pattern.1
@node gpg-check-pattern
@section Check a passphrase on stdin against the patternfile
@ifset manverb
.B gpg-check-pattern
\- Check a passphrase on stdin against the patternfile
@end ifset
@mansect synopsis
@ifset manverb
.B gpg\-check\-pattern
.RI [ options ]
.I patternfile
@end ifset
@mansect description
@command{gpg-check-pattern} checks a passphrase given on stdin against
a specified pattern file.
The pattern file is line based with comment lines beginning on the
@emph{first} position with a @code{#}. Empty lines and lines with
only white spaces are ignored. The actual pattern lines may either be
verbatim string pattern and match as they are (trailing spaces are
ignored) or extended regular expressions indicated by a @code{/} or
@code{!/} in the first column and terminated by another @code{/} or
end of line. If a regular expression starts with @code{!/} the match
result is reversed. By default all comparisons are case insensitive.
Tag lines may be used to further control the operation of this tool.
The currently defined tags are:
@table @code
@item [icase]
Switch to case insensitive comparison for all further patterns. This
is the default.
@item [case]
Switch to case sensitive comparison for all further patterns.
@item [reject]
Switch to reject mode. This is the default mode.
@item [accept]
Switch to accept mode.
@end table
In the future more tags may be introduced and thus it is advisable not to
start a plain pattern string with an open bracket. The tags must be
given verbatim on the line with no spaces to the left or any non white
space characters to the right.
In reject mode the program exits on the first match with an exit code
of 1 (failure). If at the end of the pattern list the reject mode is
still active the program exits with code 0 (success).
In accept mode blocks of patterns are used. A block starts at the
next pattern after an "accept" tag and ends with the last pattern
before the next "accept" or "reject" tag or at the end of the pattern
list. If all patterns in a block match the program exits with an exit
code of 0 (success). If any pattern in a block do not match the next
pattern block is evaluated. If at the end of the pattern list the
accept mode is still active the program exits with code 1 (failure).
@mansect options
@noindent
@table @gnupgtabopt
@item --verbose
@opindex verbose
Enable extra informational output.
@item --check
@opindex check
Run only a syntax check on the patternfile.
@item --null
@opindex null
Input is expected to be null delimited.
@end table
@mansect see also
@ifset isman
@command{gpg-agent}(1),
@end ifset
@include see-also-note.texi
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
index d17467077..7d7844960 100644
--- a/tools/gpgtar-create.c
+++ b/tools/gpgtar-create.c
@@ -1,1266 +1,1287 @@
/* gpgtar-create.c - Create a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_W32_SYSTEM
# define WIN32_LEAN_AND_MEAN
# include
#else /*!HAVE_W32_SYSTEM*/
# include
# include
#endif /*!HAVE_W32_SYSTEM*/
#include "../common/i18n.h"
-#include "../common/exectool.h"
+#include
+#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/ccparray.h"
#include "../common/membuf.h"
#include "gpgtar.h"
#ifndef HAVE_LSTAT
#define lstat(a,b) gnupg_stat ((a), (b))
#endif
/* Count the number of written headers. Extended headers are not
* counted. */
static unsigned long global_header_count;
/* Object to control the file scanning. */
struct scanctrl_s;
typedef struct scanctrl_s *scanctrl_t;
struct scanctrl_s
{
tar_header_t flist;
tar_header_t *flist_tail;
int nestlevel;
};
/* On Windows convert name to UTF8 and return it; caller must release
* the result. On Unix or if ALREADY_UTF8 is set, this function is a
* mere xtrystrcopy. On failure NULL is returned and ERRNO set. */
static char *
name_to_utf8 (const char *name, int already_utf8)
{
#ifdef HAVE_W32_SYSTEM
wchar_t *wstring;
char *result;
if (already_utf8)
result = xtrystrdup (name);
else
{
wstring = native_to_wchar (name);
if (!wstring)
return NULL;
result = wchar_to_utf8 (wstring);
xfree (wstring);
}
return result;
#else /*!HAVE_W32_SYSTEM */
(void)already_utf8;
return xtrystrdup (name);
#endif /*!HAVE_W32_SYSTEM */
}
/* Given a fresh header object HDR with only the name field set, try
to gather all available info. This is the W32 version. */
#ifdef HAVE_W32_SYSTEM
static gpg_error_t
fillup_entry_w32 (tar_header_t hdr)
{
char *p;
wchar_t *wfname;
WIN32_FILE_ATTRIBUTE_DATA fad;
DWORD attr;
for (p=hdr->name; *p; p++)
if (*p == '/')
*p = '\\';
wfname = gpgrt_fname_to_wchar (hdr->name);
for (p=hdr->name; *p; p++)
if (*p == '\\')
*p = '/';
if (!wfname)
{
log_error ("error converting '%s': %s\n", hdr->name, w32_strerror (-1));
return gpg_error_from_syserror ();
}
if (!GetFileAttributesExW (wfname, GetFileExInfoStandard, &fad))
{
log_error ("error stat-ing '%s': %s\n", hdr->name, w32_strerror (-1));
xfree (wfname);
return gpg_error_from_syserror ();
}
xfree (wfname);
attr = fad.dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_NORMAL))
hdr->typeflag = TF_REGULAR;
else if ((attr & FILE_ATTRIBUTE_DIRECTORY))
hdr->typeflag = TF_DIRECTORY;
else if ((attr & FILE_ATTRIBUTE_DEVICE))
hdr->typeflag = TF_NOTSUP;
else if ((attr & (FILE_ATTRIBUTE_OFFLINE | FILE_ATTRIBUTE_TEMPORARY)))
hdr->typeflag = TF_NOTSUP;
else
hdr->typeflag = TF_REGULAR;
/* Map some attributes to USTAR defined mode bits. */
hdr->mode = 0640; /* User may read and write, group only read. */
if ((attr & FILE_ATTRIBUTE_DIRECTORY))
hdr->mode |= 0110; /* Dirs are user and group executable. */
if ((attr & FILE_ATTRIBUTE_READONLY))
hdr->mode &= ~0200; /* Clear the user write bit. */
if ((attr & FILE_ATTRIBUTE_HIDDEN))
hdr->mode &= ~0707; /* Clear all user and other bits. */
if ((attr & FILE_ATTRIBUTE_SYSTEM))
hdr->mode |= 0004; /* Make it readable by other. */
/* Only set the size for a regular file. */
if (hdr->typeflag == TF_REGULAR)
hdr->size = (fad.nFileSizeHigh * ((unsigned long long)MAXDWORD+1)
+ fad.nFileSizeLow);
hdr->mtime = (((unsigned long long)fad.ftLastWriteTime.dwHighDateTime << 32)
| fad.ftLastWriteTime.dwLowDateTime);
if (!hdr->mtime)
hdr->mtime = (((unsigned long long)fad.ftCreationTime.dwHighDateTime << 32)
| fad.ftCreationTime.dwLowDateTime);
hdr->mtime -= 116444736000000000ULL; /* The filetime epoch is 1601-01-01. */
hdr->mtime /= 10000000; /* Convert from 0.1us to seconds. */
return 0;
}
#endif /*HAVE_W32_SYSTEM*/
/* Given a fresh header object HDR with only the name field set, try
to gather all available info. This is the POSIX version. */
#ifndef HAVE_W32_SYSTEM
static gpg_error_t
fillup_entry_posix (tar_header_t hdr)
{
gpg_error_t err;
struct stat sbuf;
if (lstat (hdr->name, &sbuf))
{
err = gpg_error_from_syserror ();
log_error ("error stat-ing '%s': %s\n", hdr->name, gpg_strerror (err));
return err;
}
if (S_ISREG (sbuf.st_mode))
hdr->typeflag = TF_REGULAR;
else if (S_ISDIR (sbuf.st_mode))
hdr->typeflag = TF_DIRECTORY;
else if (S_ISCHR (sbuf.st_mode))
hdr->typeflag = TF_CHARDEV;
else if (S_ISBLK (sbuf.st_mode))
hdr->typeflag = TF_BLOCKDEV;
else if (S_ISFIFO (sbuf.st_mode))
hdr->typeflag = TF_FIFO;
else if (S_ISLNK (sbuf.st_mode))
hdr->typeflag = TF_SYMLINK;
else
hdr->typeflag = TF_NOTSUP;
/* FIXME: Save DEV and INO? */
/* Set the USTAR defined mode bits using the system macros. */
if (sbuf.st_mode & S_IRUSR)
hdr->mode |= 0400;
if (sbuf.st_mode & S_IWUSR)
hdr->mode |= 0200;
if (sbuf.st_mode & S_IXUSR)
hdr->mode |= 0100;
if (sbuf.st_mode & S_IRGRP)
hdr->mode |= 0040;
if (sbuf.st_mode & S_IWGRP)
hdr->mode |= 0020;
if (sbuf.st_mode & S_IXGRP)
hdr->mode |= 0010;
if (sbuf.st_mode & S_IROTH)
hdr->mode |= 0004;
if (sbuf.st_mode & S_IWOTH)
hdr->mode |= 0002;
if (sbuf.st_mode & S_IXOTH)
hdr->mode |= 0001;
#ifdef S_IXUID
if (sbuf.st_mode & S_IXUID)
hdr->mode |= 04000;
#endif
#ifdef S_IXGID
if (sbuf.st_mode & S_IXGID)
hdr->mode |= 02000;
#endif
#ifdef S_ISVTX
if (sbuf.st_mode & S_ISVTX)
hdr->mode |= 01000;
#endif
hdr->nlink = sbuf.st_nlink;
hdr->uid = sbuf.st_uid;
hdr->gid = sbuf.st_gid;
/* Only set the size for a regular file. */
if (hdr->typeflag == TF_REGULAR)
hdr->size = sbuf.st_size;
hdr->mtime = sbuf.st_mtime;
return 0;
}
#endif /*!HAVE_W32_SYSTEM*/
/* Add a new entry. The name of a directory entry is ENTRYNAME; if
that is NULL, DNAME is the name of the directory itself. Under
Windows ENTRYNAME shall have backslashes replaced by standard
slashes. */
static gpg_error_t
add_entry (const char *dname, const char *entryname, scanctrl_t scanctrl)
{
gpg_error_t err;
tar_header_t hdr;
char *p;
size_t dnamelen = strlen (dname);
log_assert (dnamelen);
hdr = xtrycalloc (1, sizeof *hdr + dnamelen + 1
+ (entryname? strlen (entryname) : 0) + 1);
if (!hdr)
return gpg_error_from_syserror ();
p = stpcpy (hdr->name, dname);
if (entryname)
{
if (dname[dnamelen-1] != '/')
*p++ = '/';
strcpy (p, entryname);
}
else
{
if (hdr->name[dnamelen-1] == '/')
hdr->name[dnamelen-1] = 0;
}
#ifdef HAVE_DOSISH_SYSTEM
err = fillup_entry_w32 (hdr);
#else
err = fillup_entry_posix (hdr);
#endif
if (err)
xfree (hdr);
else
{
/* FIXME: We don't have the extended info yet available so we
* can't print them. */
if (opt.verbose)
gpgtar_print_header (hdr, NULL, log_get_stream ());
*scanctrl->flist_tail = hdr;
scanctrl->flist_tail = &hdr->next;
}
return 0;
}
static gpg_error_t
scan_directory (const char *dname, scanctrl_t scanctrl)
{
gpg_error_t err = 0;
#ifdef HAVE_W32_SYSTEM
/* Note that we introduced gnupg_opendir only after we had deployed
* this code and thus we don't change it for now. */
WIN32_FIND_DATAW fi;
HANDLE hd = INVALID_HANDLE_VALUE;
char *p;
if (!*dname)
return 0; /* An empty directory name has no entries. */
{
char *fname;
wchar_t *wfname;
fname = xtrymalloc (strlen (dname) + 2 + 2 + 1);
if (!fname)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (!strcmp (dname, "/"))
strcpy (fname, "/*"); /* Trailing slash is not allowed. */
else if (!strcmp (dname, "."))
strcpy (fname, "*");
else if (*dname && dname[strlen (dname)-1] == '/')
strcpy (stpcpy (fname, dname), "*");
else if (*dname && dname[strlen (dname)-1] != '*')
strcpy (stpcpy (fname, dname), "/*");
else
strcpy (fname, dname);
for (p=fname; *p; p++)
if (*p == '/')
*p = '\\';
wfname = gpgrt_fname_to_wchar (fname);
xfree (fname);
if (!wfname)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, gpg_strerror (err));
goto leave;
}
hd = FindFirstFileW (wfname, &fi);
if (hd == INVALID_HANDLE_VALUE)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, w32_strerror (-1));
xfree (wfname);
goto leave;
}
xfree (wfname);
}
do
{
char *fname = wchar_to_utf8 (fi.cFileName);
if (!fname)
{
err = gpg_error_from_syserror ();
log_error ("error converting filename: %s\n", w32_strerror (-1));
break;
}
for (p=fname; *p; p++)
if (*p == '\\')
*p = '/';
if (!strcmp (fname, "." ) || !strcmp (fname, ".."))
err = 0; /* Skip self and parent dir entry. */
else if (!strncmp (dname, "./", 2) && dname[2])
err = add_entry (dname+2, fname, scanctrl);
else
err = add_entry (dname, fname, scanctrl);
xfree (fname);
}
while (!err && FindNextFileW (hd, &fi));
if (err)
;
else if (GetLastError () == ERROR_NO_MORE_FILES)
err = 0;
else
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, w32_strerror (-1));
}
leave:
if (hd != INVALID_HANDLE_VALUE)
FindClose (hd);
#else /*!HAVE_W32_SYSTEM*/
DIR *dir;
struct dirent *de;
if (!*dname)
return 0; /* An empty directory name has no entries. */
dir = opendir (dname);
if (!dir)
{
err = gpg_error_from_syserror ();
log_error (_("error reading directory '%s': %s\n"),
dname, gpg_strerror (err));
return err;
}
while ((de = readdir (dir)))
{
if (!strcmp (de->d_name, "." ) || !strcmp (de->d_name, ".."))
continue; /* Skip self and parent dir entry. */
err = add_entry (dname, de->d_name, scanctrl);
if (err)
goto leave;
}
leave:
closedir (dir);
#endif /*!HAVE_W32_SYSTEM*/
return err;
}
static gpg_error_t
scan_recursive (const char *dname, scanctrl_t scanctrl)
{
gpg_error_t err = 0;
tar_header_t hdr, *start_tail, *stop_tail;
if (scanctrl->nestlevel > 200)
{
log_error ("directories too deeply nested\n");
return gpg_error (GPG_ERR_RESOURCE_LIMIT);
}
scanctrl->nestlevel++;
log_assert (scanctrl->flist_tail);
start_tail = scanctrl->flist_tail;
scan_directory (dname, scanctrl);
stop_tail = scanctrl->flist_tail;
hdr = *start_tail;
for (; hdr && hdr != *stop_tail; hdr = hdr->next)
if (hdr->typeflag == TF_DIRECTORY)
{
if (opt.verbose > 1)
log_info ("scanning directory '%s'\n", hdr->name);
scan_recursive (hdr->name, scanctrl);
}
scanctrl->nestlevel--;
return err;
}
/* Returns true if PATTERN is acceptable. */
static int
pattern_valid_p (const char *pattern)
{
if (!*pattern)
return 0;
if (*pattern == '.' && pattern[1] == '.')
return 0;
if (*pattern == '/'
#ifdef HAVE_DOSISH_SYSTEM
|| *pattern == '\\'
#endif
)
return 0; /* Absolute filenames are not supported. */
#ifdef HAVE_DRIVE_LETTERS
if (((*pattern >= 'a' && *pattern <= 'z')
|| (*pattern >= 'A' && *pattern <= 'Z'))
&& pattern[1] == ':')
return 0; /* Drive letter are not allowed either. */
#endif /*HAVE_DRIVE_LETTERS*/
return 1; /* Okay. */
}
�
static void
store_xoctal (char *buffer, size_t length, unsigned long long value)
{
char *p, *pend;
size_t n;
unsigned long long v;
log_assert (length > 1);
v = value;
n = length;
p = pend = buffer + length;
*--p = 0; /* Nul byte. */
n--;
do
{
*--p = '0' + (v % 8);
v /= 8;
n--;
}
while (v && n);
if (!v)
{
/* Pad. */
for ( ; n; n--)
*--p = '0';
}
else /* Does not fit into the field. Store as binary number. */
{
v = value;
n = length;
p = pend = buffer + length;
do
{
*--p = v;
v /= 256;
n--;
}
while (v && n);
if (!v)
{
/* Pad. */
for ( ; n; n--)
*--p = 0;
if (*p & 0x80)
BUG ();
*p |= 0x80; /* Set binary flag. */
}
else
BUG ();
}
}
static void
store_uname (char *buffer, size_t length, unsigned long uid)
{
static int initialized;
static unsigned long lastuid;
static char lastuname[32];
if (!initialized || uid != lastuid)
{
#ifdef HAVE_W32_SYSTEM
mem2str (lastuname, uid? "user":"root", sizeof lastuname);
#else
struct passwd *pw = getpwuid (uid);
lastuid = uid;
initialized = 1;
if (pw)
mem2str (lastuname, pw->pw_name, sizeof lastuname);
else
{
log_info ("failed to get name for uid %lu\n", uid);
*lastuname = 0;
}
#endif
}
mem2str (buffer, lastuname, length);
}
static void
store_gname (char *buffer, size_t length, unsigned long gid)
{
static int initialized;
static unsigned long lastgid;
static char lastgname[32];
if (!initialized || gid != lastgid)
{
#ifdef HAVE_W32_SYSTEM
mem2str (lastgname, gid? "users":"root", sizeof lastgname);
#else
struct group *gr = getgrgid (gid);
lastgid = gid;
initialized = 1;
if (gr)
mem2str (lastgname, gr->gr_name, sizeof lastgname);
else
{
log_info ("failed to get name for gid %lu\n", gid);
*lastgname = 0;
}
#endif
}
mem2str (buffer, lastgname, length);
}
static void
compute_checksum (void *record)
{
struct ustar_raw_header *raw = record;
unsigned long chksum = 0;
unsigned char *p;
size_t n;
memset (raw->checksum, ' ', sizeof raw->checksum);
p = record;
for (n=0; n < RECORDSIZE; n++)
chksum += *p++;
store_xoctal (raw->checksum, sizeof raw->checksum - 1, chksum);
raw->checksum[7] = ' ';
}
/* Read a symlink without truncating it. Caller must release the
* returned buffer. Returns NULL on error. */
#ifndef HAVE_W32_SYSTEM
static char *
myreadlink (const char *name)
{
char *buffer;
size_t size;
int nread;
for (size = 1024; size <= 65536; size *= 2)
{
buffer = xtrymalloc (size);
if (!buffer)
return NULL;
nread = readlink (name, buffer, size - 1);
if (nread < 0)
{
xfree (buffer);
return NULL;
}
if (nread < size - 1)
{
buffer[nread] = 0;
return buffer; /* Got it. */
}
xfree (buffer);
}
gpg_err_set_errno (ERANGE);
return NULL;
}
#endif /*Unix*/
/* Build a header. If the filename or the link name ist too long
* allocate an exthdr and use a replacement file name in RECORD.
* Caller should always release R_EXTHDR; this function initializes it
* to point to NULL. */
static gpg_error_t
build_header (void *record, tar_header_t hdr, strlist_t *r_exthdr)
{
gpg_error_t err;
struct ustar_raw_header *raw = record;
size_t namelen, n;
strlist_t sl;
memset (record, 0, RECORDSIZE);
*r_exthdr = NULL;
/* Store name and prefix. */
namelen = strlen (hdr->name);
if (namelen < sizeof raw->name)
memcpy (raw->name, hdr->name, namelen);
else
{
n = (namelen < sizeof raw->prefix)? namelen : sizeof raw->prefix;
for (n--; n ; n--)
if (hdr->name[n] == '/')
break;
if (namelen - n < sizeof raw->name)
{
/* Note that the N is < sizeof prefix and that the
delimiting slash is not stored. */
memcpy (raw->prefix, hdr->name, n);
memcpy (raw->name, hdr->name+n+1, namelen - n);
}
else
{
/* Too long - prepare extended header. */
sl = add_to_strlist_try (r_exthdr, hdr->name);
if (!sl)
{
err = gpg_error_from_syserror ();
log_error ("error storing file '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl->flags = 1; /* Mark as path */
/* The name we use is not POSIX compliant but because we
* expect that (for security issues) a tarball will anyway
* be extracted to a unique new directory, a simple counter
* will do. To ease testing we also put in the PID. The
* count is bumped after the header has been written. */
snprintf (raw->name, sizeof raw->name-1, "_@paxheader.%u.%lu",
(unsigned int)getpid(), global_header_count + 1);
}
}
store_xoctal (raw->mode, sizeof raw->mode, hdr->mode);
store_xoctal (raw->uid, sizeof raw->uid, hdr->uid);
store_xoctal (raw->gid, sizeof raw->gid, hdr->gid);
store_xoctal (raw->size, sizeof raw->size, hdr->size);
store_xoctal (raw->mtime, sizeof raw->mtime, hdr->mtime);
switch (hdr->typeflag)
{
case TF_REGULAR: raw->typeflag[0] = '0'; break;
case TF_HARDLINK: raw->typeflag[0] = '1'; break;
case TF_SYMLINK: raw->typeflag[0] = '2'; break;
case TF_CHARDEV: raw->typeflag[0] = '3'; break;
case TF_BLOCKDEV: raw->typeflag[0] = '4'; break;
case TF_DIRECTORY: raw->typeflag[0] = '5'; break;
case TF_FIFO: raw->typeflag[0] = '6'; break;
default: return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
memcpy (raw->magic, "ustar", 6);
raw->version[0] = '0';
raw->version[1] = '0';
store_uname (raw->uname, sizeof raw->uname, hdr->uid);
store_gname (raw->gname, sizeof raw->gname, hdr->gid);
#ifndef HAVE_W32_SYSTEM
if (hdr->typeflag == TF_SYMLINK)
{
int nread;
char *p;
nread = readlink (hdr->name, raw->linkname, sizeof raw->linkname -1);
if (nread < 0)
{
err = gpg_error_from_syserror ();
log_error ("error reading symlink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
raw->linkname[nread] = 0;
if (nread == sizeof raw->linkname -1)
{
/* Truncated - read again and store as extended header. */
p = myreadlink (hdr->name);
if (!p)
{
err = gpg_error_from_syserror ();
log_error ("error reading symlink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl = add_to_strlist_try (r_exthdr, p);
xfree (p);
if (!sl)
{
err = gpg_error_from_syserror ();
log_error ("error storing syslink '%s': %s\n",
hdr->name, gpg_strerror (err));
return err;
}
sl->flags = 2; /* Mark as linkpath */
}
}
#endif /*!HAVE_W32_SYSTEM*/
compute_checksum (record);
return 0;
}
/* Add an extended header record (NAME,VALUE) to the buffer MB. */
static void
add_extended_header_record (membuf_t *mb, const char *name, const char *value)
{
size_t n, n0, n1;
char numbuf[35];
size_t valuelen;
/* To avoid looping in most cases, we guess the initial value. */
valuelen = strlen (value);
n1 = valuelen > 95? 3 : 2;
do
{
n0 = n1;
/* (3 for the space before name, the '=', and the LF.) */
n = n0 + strlen (name) + valuelen + 3;
snprintf (numbuf, sizeof numbuf, "%zu", n);
n1 = strlen (numbuf);
}
while (n0 != n1);
put_membuf_str (mb, numbuf);
put_membuf (mb, " ", 1);
put_membuf_str (mb, name);
put_membuf (mb, "=", 1);
put_membuf (mb, value, valuelen);
put_membuf (mb, "\n", 1);
}
/* Write the extended header specified by EXTHDR to STREAM. */
static gpg_error_t
write_extended_header (estream_t stream, const void *record, strlist_t exthdr)
{
gpg_error_t err = 0;
struct ustar_raw_header raw;
strlist_t sl;
membuf_t mb;
char *buffer, *p;
size_t buflen;
init_membuf (&mb, 2*RECORDSIZE);
for (sl=exthdr; sl; sl = sl->next)
{
if (sl->flags == 1)
add_extended_header_record (&mb, "path", sl->d);
else if (sl->flags == 2)
add_extended_header_record (&mb, "linkpath", sl->d);
}
buffer = get_membuf (&mb, &buflen);
if (!buffer)
{
err = gpg_error_from_syserror ();
log_error ("error building extended header: %s\n", gpg_strerror (err));
goto leave;
}
/* We copy the header from the standard header record, so that an
* extracted extended header (using a non-pax aware software) is
* written with the same properties as the original file. The real
* entry will overwrite it anyway. Of course we adjust the size and
* the type. */
memcpy (&raw, record, RECORDSIZE);
store_xoctal (raw.size, sizeof raw.size, buflen);
raw.typeflag[0] = 'x'; /* Mark as extended header. */
compute_checksum (&raw);
err = write_record (stream, &raw);
if (err)
goto leave;
for (p = buffer; buflen >= RECORDSIZE; p += RECORDSIZE, buflen -= RECORDSIZE)
{
err = write_record (stream, p);
if (err)
goto leave;
}
if (buflen)
{
/* Reuse RAW for builidng the last record. */
memcpy (&raw, p, buflen);
memset ((char*)&raw+buflen, 0, RECORDSIZE - buflen);
err = write_record (stream, &raw);
if (err)
goto leave;
}
leave:
xfree (buffer);
return err;
}
static gpg_error_t
write_file (estream_t stream, tar_header_t hdr)
{
gpg_error_t err;
char record[RECORDSIZE];
estream_t infp;
size_t nread, nbytes;
strlist_t exthdr = NULL;
int any;
err = build_header (record, hdr, &exthdr);
if (err)
{
if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED)
{
log_info ("skipping unsupported file '%s'\n", hdr->name);
err = 0;
}
return err;
}
if (hdr->typeflag == TF_REGULAR)
{
infp = es_fopen (hdr->name, "rb,sysopen");
if (!infp)
{
err = gpg_error_from_syserror ();
log_error ("can't open '%s': %s - skipped\n",
hdr->name, gpg_strerror (err));
return err;
}
}
else
infp = NULL;
if (exthdr && (err = write_extended_header (stream, record, exthdr)))
goto leave;
err = write_record (stream, record);
if (err)
goto leave;
global_header_count++;
if (hdr->typeflag == TF_REGULAR)
{
hdr->nrecords = (hdr->size + RECORDSIZE-1)/RECORDSIZE;
any = 0;
while (hdr->nrecords--)
{
nbytes = hdr->nrecords? RECORDSIZE : (hdr->size % RECORDSIZE);
if (!nbytes)
nbytes = RECORDSIZE;
nread = es_fread (record, 1, nbytes, infp);
if (nread != nbytes)
{
err = gpg_error_from_syserror ();
log_error ("error reading file '%s': %s%s\n",
hdr->name, gpg_strerror (err),
any? " (file shrunk?)":"");
goto leave;
}
else if (nbytes < RECORDSIZE)
memset (record + nbytes, 0, RECORDSIZE - nbytes);
any = 1;
err = write_record (stream, record);
if (err)
goto leave;
}
nread = es_fread (record, 1, 1, infp);
if (nread)
log_info ("note: file '%s' has grown\n", hdr->name);
}
leave:
if (err)
es_fclose (infp);
else if ((err = es_fclose (infp)))
log_error ("error closing file '%s': %s\n", hdr->name, gpg_strerror (err));
free_strlist (exthdr);
return err;
}
static gpg_error_t
write_eof_mark (estream_t stream)
{
gpg_error_t err;
char record[RECORDSIZE];
memset (record, 0, sizeof record);
err = write_record (stream, record);
if (!err)
err = write_record (stream, record);
return err;
}
�
/* Create a new tarball using the names in the array INPATTERN. If
INPATTERN is NULL take the pattern as null terminated strings from
stdin or from the file specified by FILES_FROM. If NULL_NAMES is
set the filenames in such a file are delimited by a binary Nul and
not by a LF. */
gpg_error_t
gpgtar_create (char **inpattern, const char *files_from, int null_names,
int encrypt, int sign)
{
gpg_error_t err = 0;
struct scanctrl_s scanctrl_buffer;
scanctrl_t scanctrl = &scanctrl_buffer;
tar_header_t hdr, *start_tail;
estream_t files_from_stream = NULL;
estream_t outstream = NULL;
- estream_t cipher_stream = NULL;
int eof_seen = 0;
+ pid_t pid = (pid_t)(-1);
memset (scanctrl, 0, sizeof *scanctrl);
scanctrl->flist_tail = &scanctrl->flist;
if (!inpattern)
{
if (!files_from || !strcmp (files_from, "-"))
{
files_from = "-";
files_from_stream = es_stdin;
if (null_names)
es_set_binary (es_stdin);
}
else if (!(files_from_stream=es_fopen (files_from, null_names? "rb":"r")))
{
err = gpg_error_from_syserror ();
log_error ("error opening '%s': %s\n",
files_from, gpg_strerror (err));
return err;
}
}
if (opt.directory && gnupg_chdir (opt.directory))
{
err = gpg_error_from_syserror ();
log_error ("chdir to '%s' failed: %s\n",
opt.directory, gpg_strerror (err));
return err;
}
while (!eof_seen)
{
char *pat, *p;
int skip_this = 0;
if (inpattern)
{
const char *pattern = *inpattern;
if (!pattern)
break; /* End of array. */
inpattern++;
if (!*pattern)
continue;
pat = name_to_utf8 (pattern, 0);
}
else /* Read Nul or LF delimited pattern from files_from_stream. */
{
int c;
char namebuf[4096];
size_t n = 0;
for (;;)
{
if ((c = es_getc (files_from_stream)) == EOF)
{
if (es_ferror (files_from_stream))
{
err = gpg_error_from_syserror ();
log_error ("error reading '%s': %s\n",
files_from, gpg_strerror (err));
goto leave;
}
c = null_names ? 0 : '\n';
eof_seen = 1;
}
if (n >= sizeof namebuf - 1)
{
if (!skip_this)
{
skip_this = 1;
log_error ("error reading '%s': %s\n",
files_from, "filename too long");
}
}
else
namebuf[n++] = c;
if (null_names)
{
if (!c)
{
namebuf[n] = 0;
break;
}
}
else /* Shall be LF delimited. */
{
if (!c)
{
if (!skip_this)
{
skip_this = 1;
log_error ("error reading '%s': %s\n",
files_from, "filename with embedded Nul");
}
}
else if ( c == '\n' )
{
namebuf[n] = 0;
ascii_trim_spaces (namebuf);
n = strlen (namebuf);
break;
}
}
}
if (skip_this || n < 2)
continue;
pat = name_to_utf8 (namebuf, opt.utf8strings);
}
if (!pat)
{
err = gpg_error_from_syserror ();
log_error ("memory allocation problem: %s\n", gpg_strerror (err));
goto leave;
}
for (p=pat; *p; p++)
if (*p == '\\')
*p = '/';
if (opt.verbose > 1)
log_info ("scanning '%s'\n", pat);
start_tail = scanctrl->flist_tail;
if (skip_this || !pattern_valid_p (pat))
log_error ("skipping invalid name '%s'\n", pat);
else if (!add_entry (pat, NULL, scanctrl)
&& *start_tail && ((*start_tail)->typeflag & TF_DIRECTORY))
scan_recursive (pat, scanctrl);
xfree (pat);
}
if (files_from_stream && files_from_stream != es_stdin)
es_fclose (files_from_stream);
- if (opt.outfile)
- {
- if (!strcmp (opt.outfile, "-"))
- outstream = es_stdout;
- else
- outstream = es_fopen (opt.outfile, "wb,sysopen");
- if (!outstream)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
- }
- else
- {
- outstream = es_stdout;
- }
-
- if (outstream == es_stdout)
- es_set_binary (es_stdout);
-
- if (encrypt || sign)
- {
- cipher_stream = outstream;
- outstream = es_fopenmem (0, "rwb");
- if (! outstream)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
- }
-
- for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
- {
- err = write_file (outstream, hdr);
- if (err)
- goto leave;
- }
- err = write_eof_mark (outstream);
- if (err)
- goto leave;
-
if (encrypt || sign)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
- err = es_fseek (outstream, 0, SEEK_SET);
- if (err)
- goto leave;
-
/* '--encrypt' may be combined with '--symmetric', but 'encrypt'
- is set either way. Clear it if no recipients are specified.
- XXX: Fix command handling. */
+ * is set either way. Clear it if no recipients are specified.
+ */
if (opt.symmetric && opt.recipients == NULL)
encrypt = 0;
ccparray_init (&ccp, 0);
+ if (opt.batch)
+ ccparray_put (&ccp, "--batch");
+ if (opt.answer_yes)
+ ccparray_put (&ccp, "--yes");
+ if (opt.answer_no)
+ ccparray_put (&ccp, "--no");
+ if (opt.require_compliance)
+ ccparray_put (&ccp, "--require-compliance");
+ if (opt.status_fd != -1)
+ {
+ char tmpbuf[40];
+
+ snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
+ ccparray_put (&ccp, tmpbuf);
+ }
+
+ ccparray_put (&ccp, "--output");
+ ccparray_put (&ccp, opt.outfile? opt.outfile : "-");
if (encrypt)
ccparray_put (&ccp, "--encrypt");
if (sign)
ccparray_put (&ccp, "--sign");
if (opt.user)
{
ccparray_put (&ccp, "--local-user");
ccparray_put (&ccp, opt.user);
}
if (opt.symmetric)
ccparray_put (&ccp, "--symmetric");
for (arg = opt.recipients; arg; arg = arg->next)
{
ccparray_put (&ccp, "--recipient");
ccparray_put (&ccp, arg->d);
}
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_exec_tool_stream (opt.gpg_program, argv,
- outstream, NULL, cipher_stream, NULL, NULL);
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ (GNUPG_SPAWN_KEEP_STDOUT
+ | GNUPG_SPAWN_KEEP_STDERR),
+ &outstream, NULL, NULL, &pid);
xfree (argv);
if (err)
goto leave;
+ es_set_binary (outstream);
+ }
+ else if (opt.outfile) /* No crypto */
+ {
+ if (!strcmp (opt.outfile, "-"))
+ outstream = es_stdout;
+ else
+ outstream = es_fopen (opt.outfile, "wb,sysopen");
+ if (!outstream)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (outstream == es_stdout)
+ es_set_binary (es_stdout);
+
+ }
+ else /* Also no crypto. */
+ {
+ outstream = es_stdout;
+ es_set_binary (outstream);
+ }
+
+
+ for (hdr = scanctrl->flist; hdr; hdr = hdr->next)
+ {
+ err = write_file (outstream, hdr);
+ if (err)
+ goto leave;
+ }
+ err = write_eof_mark (outstream);
+ if (err)
+ goto leave;
+
+
+ if (pid != (pid_t)(-1))
+ {
+ int exitcode;
+
+ err = es_fclose (outstream);
+ outstream = NULL;
+ if (err)
+ log_error ("error closing pipe: %s\n", gpg_strerror (err));
+ else
+ {
+ err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
+ if (err)
+ log_error ("running %s failed (exitcode=%d): %s",
+ opt.gpg_program, exitcode, gpg_strerror (err));
+ gnupg_release_process (pid);
+ pid = (pid_t)(-1);
+ }
}
leave:
if (!err)
{
gpg_error_t first_err;
- if (outstream != es_stdout)
+ if (outstream != es_stdout || pid != (pid_t)(-1))
first_err = es_fclose (outstream);
else
first_err = es_fflush (outstream);
outstream = NULL;
- if (cipher_stream != es_stdout)
- err = es_fclose (cipher_stream);
- else
- err = es_fflush (cipher_stream);
- cipher_stream = NULL;
if (! err)
err = first_err;
}
if (err)
{
log_error ("creating tarball '%s' failed: %s\n",
opt.outfile ? opt.outfile : "-", gpg_strerror (err));
if (outstream && outstream != es_stdout)
es_fclose (outstream);
- if (cipher_stream && cipher_stream != es_stdout)
- es_fclose (cipher_stream);
if (opt.outfile)
gnupg_remove (opt.outfile);
}
scanctrl->flist_tail = NULL;
while ( (hdr = scanctrl->flist) )
{
scanctrl->flist = hdr->next;
xfree (hdr);
}
return err;
}
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
index 5fad893c5..5f907733b 100644
--- a/tools/gpgtar-extract.c
+++ b/tools/gpgtar-extract.c
@@ -1,448 +1,476 @@
/* gpgtar-extract.c - Extract from a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include "../common/i18n.h"
-#include "../common/exectool.h"
+#include
+#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/ccparray.h"
#include "gpgtar.h"
static gpg_error_t
check_suspicious_name (const char *name)
{
size_t n;
n = strlen (name);
#ifdef HAVE_DOSISH_SYSTEM
if (strchr (name, '\\'))
{
log_error ("filename '%s' contains a backslash - "
"can't extract on this system\n", name);
return gpg_error (GPG_ERR_INV_NAME);
}
#endif /*HAVE_DOSISH_SYSTEM*/
if (!n
|| strstr (name, "//")
|| strstr (name, "/../")
|| !strncmp (name, "../", 3)
|| (n >= 3 && !strcmp (name+n-3, "/.." )))
{
log_error ("filename '%s' has suspicious parts - not extracting\n",
name);
return gpg_error (GPG_ERR_INV_NAME);
}
return 0;
}
static gpg_error_t
extract_regular (estream_t stream, const char *dirname,
tarinfo_t info, tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
char record[RECORDSIZE];
size_t n, nbytes, nwritten;
char *fname_buffer = NULL;
const char *fname;
estream_t outfp = NULL;
strlist_t sl;
fname = hdr->name;
for (sl = exthdr; sl; sl = sl->next)
if (sl->flags == 1)
fname = sl->d;
err = check_suspicious_name (fname);
if (err)
goto leave;
fname_buffer = strconcat (dirname, "/", fname, NULL);
if (!fname_buffer)
{
err = gpg_error_from_syserror ();
log_error ("error creating filename: %s\n", gpg_strerror (err));
goto leave;
}
fname = fname_buffer;
if (opt.dry_run)
outfp = es_fopen ("/dev/null", "wb");
else
outfp = es_fopen (fname, "wb,sysopen");
if (!outfp)
{
err = gpg_error_from_syserror ();
log_error ("error creating '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
for (n=0; n < hdr->nrecords;)
{
err = read_record (stream, record);
if (err)
goto leave;
info->nblocks++;
n++;
if (n < hdr->nrecords || (hdr->size && !(hdr->size % RECORDSIZE)))
nbytes = RECORDSIZE;
else
nbytes = (hdr->size % RECORDSIZE);
nwritten = es_fwrite (record, 1, nbytes, outfp);
if (nwritten != nbytes)
{
err = gpg_error_from_syserror ();
log_error ("error writing '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
}
/* Fixme: Set permissions etc. */
leave:
if (!err && opt.verbose)
log_info ("extracted '%s'\n", fname);
es_fclose (outfp);
if (err && fname && outfp)
{
if (gnupg_remove (fname))
log_error ("error removing incomplete file '%s': %s\n",
fname, gpg_strerror (gpg_error_from_syserror ()));
}
xfree (fname_buffer);
return err;
}
static gpg_error_t
extract_directory (const char *dirname, tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
const char *name;
char *fname = NULL;
strlist_t sl;
name = hdr->name;
for (sl = exthdr; sl; sl = sl->next)
if (sl->flags == 1)
name = sl->d;
err = check_suspicious_name (name);
if (err)
goto leave;
fname = strconcat (dirname, "/", name, NULL);
if (!fname)
{
err = gpg_error_from_syserror ();
log_error ("error creating filename: %s\n", gpg_strerror (err));
goto leave;
}
/* Remove a possible trailing slash. */
if (fname[strlen (fname)-1] == '/')
fname[strlen (fname)-1] = 0;
if (! opt.dry_run && gnupg_mkdir (fname, "-rwx------"))
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EEXIST)
{
/* Ignore existing directories while extracting. */
err = 0;
}
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
/* Try to create the directory with parents but keep the
original error code in case of a failure. */
int rc = 0;
char *p;
size_t prefixlen;
/* (PREFIXLEN is the length of the new directory we use to
* extract the tarball.) */
prefixlen = strlen (dirname) + 1;
for (p = fname+prefixlen; (p = strchr (p, '/')); p++)
{
*p = 0;
rc = gnupg_mkdir (fname, "-rwx------");
*p = '/';
if (rc)
break;
}
if (!rc && !gnupg_mkdir (fname, "-rwx------"))
err = 0;
}
if (err)
log_error ("error creating directory '%s': %s\n",
fname, gpg_strerror (err));
}
leave:
if (!err && opt.verbose)
log_info ("created '%s/'\n", fname);
xfree (fname);
return err;
}
static gpg_error_t
extract (estream_t stream, const char *dirname, tarinfo_t info,
tar_header_t hdr, strlist_t exthdr)
{
gpg_error_t err;
size_t n;
if (hdr->typeflag == TF_REGULAR || hdr->typeflag == TF_UNKNOWN)
err = extract_regular (stream, dirname, info, hdr, exthdr);
else if (hdr->typeflag == TF_DIRECTORY)
err = extract_directory (dirname, hdr, exthdr);
else
{
char record[RECORDSIZE];
log_info ("unsupported file type %d for '%s' - skipped\n",
(int)hdr->typeflag, hdr->name);
for (err = 0, n=0; !err && n < hdr->nrecords; n++)
{
err = read_record (stream, record);
if (!err)
info->nblocks++;
}
}
return err;
}
/* Create a new directory to be used for extracting the tarball.
Returns the name of the directory which must be freed by the
caller. In case of an error a diagnostic is printed and NULL
returned. */
static char *
create_directory (const char *dirprefix)
{
gpg_error_t err = 0;
char *prefix_buffer = NULL;
char *dirname = NULL;
size_t n;
int idx;
/* Remove common suffixes. */
n = strlen (dirprefix);
if (n > 4 && (!compare_filenames (dirprefix + n - 4, EXTSEP_S GPGEXT_GPG)
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "pgp")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "asc")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "pem")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7m")
|| !compare_filenames (dirprefix + n - 4, EXTSEP_S "p7e")))
{
prefix_buffer = xtrystrdup (dirprefix);
if (!prefix_buffer)
{
err = gpg_error_from_syserror ();
goto leave;
}
prefix_buffer[n-4] = 0;
dirprefix = prefix_buffer;
}
for (idx=1; idx < 5000; idx++)
{
xfree (dirname);
dirname = xtryasprintf ("%s_%d_", dirprefix, idx);
if (!dirname)
{
err = gpg_error_from_syserror ();
goto leave;
}
if (!gnupg_mkdir (dirname, "-rwx------"))
goto leave; /* Ready. */
if (errno != EEXIST && errno != ENOTDIR)
{
err = gpg_error_from_syserror ();
goto leave;
}
}
err = gpg_error (GPG_ERR_LIMIT_REACHED);
leave:
if (err)
{
log_error ("error creating an extract directory: %s\n",
gpg_strerror (err));
xfree (dirname);
dirname = NULL;
}
xfree (prefix_buffer);
return dirname;
}
�
gpg_error_t
gpgtar_extract (const char *filename, int decrypt)
{
gpg_error_t err;
- estream_t stream;
- estream_t cipher_stream = NULL;
+ estream_t stream = NULL;
tar_header_t header = NULL;
strlist_t extheader = NULL;
const char *dirprefix = NULL;
char *dirname = NULL;
struct tarinfo_s tarinfo_buffer;
tarinfo_t tarinfo = &tarinfo_buffer;
+ pid_t pid = (pid_t)(-1);
memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
- if (filename)
- {
- if (!strcmp (filename, "-"))
- stream = es_stdin;
- else
- stream = es_fopen (filename, "rb,sysopen");
- if (!stream)
- {
- err = gpg_error_from_syserror ();
- log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
- return err;
- }
- }
- else
- stream = es_stdin;
-
- if (stream == es_stdin)
- es_set_binary (es_stdin);
-
if (decrypt)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
- cipher_stream = stream;
- stream = es_fopenmem (0, "rwb");
- if (! stream)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
-
ccparray_init (&ccp, 0);
+ if (opt.batch)
+ ccparray_put (&ccp, "--batch");
+ if (opt.require_compliance)
+ ccparray_put (&ccp, "--require-compliance");
+ if (opt.status_fd != -1)
+ {
+ char tmpbuf[40];
+ snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
+ ccparray_put (&ccp, tmpbuf);
+ }
+ ccparray_put (&ccp, "--output");
+ ccparray_put (&ccp, "-");
ccparray_put (&ccp, "--decrypt");
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
+ if (filename)
+ {
+ ccparray_put (&ccp, "--");
+ ccparray_put (&ccp, filename);
+ }
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_exec_tool_stream (opt.gpg_program, argv,
- cipher_stream, NULL, stream, NULL, NULL);
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ ((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
+ | GNUPG_SPAWN_KEEP_STDERR),
+ NULL, &stream, NULL, &pid);
xfree (argv);
if (err)
goto leave;
-
- err = es_fseek (stream, 0, SEEK_SET);
- if (err)
- goto leave;
+ es_set_binary (stream);
+ }
+ else if (filename)
+ {
+ if (!strcmp (filename, "-"))
+ stream = es_stdin;
+ else
+ stream = es_fopen (filename, "rb,sysopen");
+ if (!stream)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
+ return err;
+ }
+ if (stream == es_stdin)
+ es_set_binary (es_stdin);
+ }
+ else
+ {
+ stream = es_stdin;
+ es_set_binary (es_stdin);
}
+
if (opt.directory)
dirname = xtrystrdup (opt.directory);
else
{
if (opt.filename)
{
dirprefix = strrchr (opt.filename, '/');
if (dirprefix)
dirprefix++;
else
dirprefix = opt.filename;
}
else if (filename)
{
dirprefix = strrchr (filename, '/');
if (dirprefix)
dirprefix++;
else
dirprefix = filename;
}
if (!dirprefix || !*dirprefix)
dirprefix = "GPGARCH";
dirname = create_directory (dirprefix);
if (!dirname)
{
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
}
if (opt.verbose)
log_info ("extracting to '%s/'\n", dirname);
for (;;)
{
err = gpgtar_read_header (stream, tarinfo, &header, &extheader);
if (err || header == NULL)
goto leave;
err = extract (stream, dirname, tarinfo, header, extheader);
if (err)
goto leave;
free_strlist (extheader);
extheader = NULL;
xfree (header);
header = NULL;
}
+ if (pid != (pid_t)(-1))
+ {
+ int exitcode;
+
+ err = es_fclose (stream);
+ stream = NULL;
+ if (err)
+ log_error ("error closing pipe: %s\n", gpg_strerror (err));
+ else
+ {
+ err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
+ if (err)
+ log_error ("running %s failed (exitcode=%d): %s",
+ opt.gpg_program, exitcode, gpg_strerror (err));
+ gnupg_release_process (pid);
+ pid = (pid_t)(-1);
+ }
+ }
+
leave:
free_strlist (extheader);
xfree (header);
xfree (dirname);
if (stream != es_stdin)
es_fclose (stream);
- if (stream != cipher_stream)
- es_fclose (cipher_stream);
return err;
}
diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
index 413abeed3..9e175437b 100644
--- a/tools/gpgtar-list.c
+++ b/tools/gpgtar-list.c
@@ -1,562 +1,590 @@
/* gpgtar-list.c - List a TAR archive
* Copyright (C) 2016-2017, 2019-2022 g10 Code GmbH
* Copyright (C) 2010, 2012, 2013 Werner Koch
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include
#include
#include
#include
#include
#include "../common/i18n.h"
+#include
#include "gpgtar.h"
-#include "../common/exectool.h"
+#include "../common/exechelp.h"
+#include "../common/sysutils.h"
#include "../common/ccparray.h"
�
static unsigned long long
parse_xoctal (const void *data, size_t length, const char *filename)
{
const unsigned char *p = data;
unsigned long long value;
if (!length)
value = 0;
else if ( (*p & 0x80))
{
/* Binary format. */
value = (*p++ & 0x7f);
while (--length)
{
value <<= 8;
value |= *p++;
}
}
else
{
/* Octal format */
value = 0;
/* Skip leading spaces and zeroes. */
for (; length && (*p == ' ' || *p == '0'); length--, p++)
;
for (; length && *p; length--, p++)
{
if (*p >= '0' && *p <= '7')
{
value <<= 3;
value += (*p - '0');
}
else
{
log_error ("%s: invalid octal number encountered - assuming 0\n",
filename);
value = 0;
break;
}
}
}
return value;
}
static tar_header_t
parse_header (const void *record, const char *filename, tarinfo_t info)
{
const struct ustar_raw_header *raw = record;
size_t n, namelen, prefixlen;
tar_header_t header;
int use_prefix;
int anyerror = 0;
info->headerblock = info->nblocks - 1;
use_prefix = (!memcmp (raw->magic, "ustar", 5)
&& (raw->magic[5] == ' ' || !raw->magic[5]));
for (namelen=0; namelen < sizeof raw->name && raw->name[namelen]; namelen++)
;
if (namelen == sizeof raw->name)
{
log_info ("%s: warning: name not terminated by a nul\n", filename);
anyerror = 1;
}
for (n=namelen+1; n < sizeof raw->name; n++)
if (raw->name[n])
{
log_info ("%s: warning: garbage after name\n", filename);
anyerror = 1;
break;
}
if (use_prefix && raw->prefix[0])
{
for (prefixlen=0; (prefixlen < sizeof raw->prefix
&& raw->prefix[prefixlen]); prefixlen++)
;
if (prefixlen == sizeof raw->prefix)
log_info ("%s: warning: prefix not terminated by a nul (block %llu)\n",
filename, info->headerblock);
for (n=prefixlen+1; n < sizeof raw->prefix; n++)
if (raw->prefix[n])
{
log_info ("%s: warning: garbage after prefix\n", filename);
anyerror = 1;
break;
}
}
else
prefixlen = 0;
header = xtrycalloc (1, sizeof *header + prefixlen + 1 + namelen);
if (!header)
{
log_error ("%s: error allocating header: %s\n",
filename, gpg_strerror (gpg_error_from_syserror ()));
return NULL;
}
if (prefixlen)
{
n = prefixlen;
memcpy (header->name, raw->prefix, n);
if (raw->prefix[n-1] != '/')
header->name[n++] = '/';
}
else
n = 0;
memcpy (header->name+n, raw->name, namelen);
header->name[n+namelen] = 0;
header->mode = parse_xoctal (raw->mode, sizeof raw->mode, filename);
header->uid = parse_xoctal (raw->uid, sizeof raw->uid, filename);
header->gid = parse_xoctal (raw->gid, sizeof raw->gid, filename);
header->size = parse_xoctal (raw->size, sizeof raw->size, filename);
header->mtime = parse_xoctal (raw->mtime, sizeof raw->mtime, filename);
/* checksum = */
switch (raw->typeflag[0])
{
case '0': header->typeflag = TF_REGULAR; break;
case '1': header->typeflag = TF_HARDLINK; break;
case '2': header->typeflag = TF_SYMLINK; break;
case '3': header->typeflag = TF_CHARDEV; break;
case '4': header->typeflag = TF_BLOCKDEV; break;
case '5': header->typeflag = TF_DIRECTORY; break;
case '6': header->typeflag = TF_FIFO; break;
case '7': header->typeflag = TF_RESERVED; break;
case 'g': header->typeflag = TF_GEXTHDR; break;
case 'x': header->typeflag = TF_EXTHDR; break;
default: header->typeflag = TF_UNKNOWN; break;
}
/* Compute the number of data records following this header. */
if (header->typeflag == TF_REGULAR
|| header->typeflag == TF_EXTHDR
|| header->typeflag == TF_UNKNOWN)
header->nrecords = (header->size + RECORDSIZE-1)/RECORDSIZE;
else
header->nrecords = 0;
if (anyerror)
{
log_info ("%s: header block %llu is corrupt"
" (size=%llu type=%d nrec=%llu)\n",
filename, info->headerblock,
header->size, header->typeflag, header->nrecords);
/* log_printhex (record, RECORDSIZE, " "); */
}
return header;
}
/* Parse the extended header. This funcion may modify BUFFER. */
static gpg_error_t
parse_extended_header (const char *fname,
char *buffer, size_t buflen, strlist_t *r_exthdr)
{
unsigned int reclen;
unsigned char *p, *record;
strlist_t sl;
while (buflen)
{
record = buffer; /* Remember begin of record. */
reclen = 0;
for (p = buffer; buflen && digitp (p); buflen--, p++)
{
reclen *= 10;
reclen += (*p - '0');
}
if (!buflen || *p != ' ')
{
log_error ("%s: malformed record length in extended header\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
p++; /* Skip space. */
buflen--;
if (buflen + (p-record) < reclen)
{
log_error ("%s: extended header record larger"
" than total extended header data\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
if (reclen < (p-record)+2 || record[reclen-1] != '\n')
{
log_error ("%s: malformed extended header record\n", fname);
return gpg_error (GPG_ERR_INV_RECORD);
}
record[reclen-1] = 0; /* For convenience change LF to a Nul. */
reclen -= (p-record);
/* P points to the begin of the keyword and RECLEN is the
* remaining length of the record excluding the LF. */
if (memchr (p, 0, reclen-1)
&& (!strncmp (p, "path=", 5) || !strncmp (p, "linkpath=", 9)))
{
log_error ("%s: extended header record has an embedded nul"
" - ignoring\n", fname);
}
else if (!strncmp (p, "path=", 5))
{
sl = add_to_strlist_try (r_exthdr, p+5);
if (!sl)
return gpg_error_from_syserror ();
sl->flags = 1; /* Mark as path */
}
else if (!strncmp (p, "linkpath=", 9))
{
sl = add_to_strlist_try (r_exthdr, p+9);
if (!sl)
return gpg_error_from_syserror ();
sl->flags = 2; /* Mark as linkpath */
}
buffer = p + reclen;
buflen -= reclen;
}
return 0;
}
�
/* Read the next block, assuming it is a tar header. Returns a header
* object on success in R_HEADER, or an error. If the stream is
* consumed (i.e. end-of-archive), R_HEADER is set to NULL. In case
* of an error an error message is printed. If the header is an
* extended header, a string list is allocated and stored at
* R_EXTHEADER; the caller should provide a pointer to NULL. Such an
* extended header is fully processed here and the returned R_HEADER
* has then the next regular header. */
static gpg_error_t
read_header (estream_t stream, tarinfo_t info,
tar_header_t *r_header, strlist_t *r_extheader)
{
gpg_error_t err;
char record[RECORDSIZE];
int i;
tar_header_t hdr;
char *buffer;
size_t buflen, nrec;
err = read_record (stream, record);
if (err)
return err;
info->nblocks++;
for (i=0; i < RECORDSIZE && !record[i]; i++)
;
if (i == RECORDSIZE)
{
/* All zero header - check whether it is the first part of an
end of archive mark. */
err = read_record (stream, record);
if (err)
return err;
info->nblocks++;
for (i=0; i < RECORDSIZE && !record[i]; i++)
;
if (i != RECORDSIZE)
log_info ("%s: warning: skipping empty header\n",
es_fname_get (stream));
else
{
/* End of archive - FIXME: we might want to check for garbage. */
*r_header = NULL;
return 0;
}
}
*r_header = parse_header (record, es_fname_get (stream), info);
if (!*r_header)
return gpg_error_from_syserror ();
hdr = *r_header;
if (hdr->typeflag != TF_EXTHDR || !r_extheader)
return 0;
/* Read the extended header. */
if (!hdr->nrecords)
{
/* More than 64k for an extedned header is surely too large. */
log_info ("%s: warning: empty extended header\n",
es_fname_get (stream));
return 0;
}
if (hdr->nrecords > 65536 / RECORDSIZE)
{
/* More than 64k for an extedned header is surely too large. */
log_error ("%s: extended header too large - skipping\n",
es_fname_get (stream));
return 0;
}
buffer = xtrymalloc (hdr->nrecords * RECORDSIZE);
if (!buffer)
{
err = gpg_error_from_syserror ();
log_error ("%s: error allocating space for extended header: %s\n",
es_fname_get (stream), gpg_strerror (err));
return err;
}
buflen = 0;
for (nrec=0; nrec < hdr->nrecords;)
{
err = read_record (stream, buffer + buflen);
if (err)
{
xfree (buffer);
return err;
}
info->nblocks++;
nrec++;
if (nrec < hdr->nrecords || (hdr->size && !(hdr->size % RECORDSIZE)))
buflen += RECORDSIZE;
else
buflen += (hdr->size % RECORDSIZE);
}
err = parse_extended_header (es_fname_get (stream),
buffer, buflen, r_extheader);
if (err)
{
free_strlist (*r_extheader);
*r_extheader = NULL;
}
xfree (buffer);
/* Now tha the extedned header has been read, we read the next
* header without allowing an extended header. */
return read_header (stream, info, r_header, NULL);
}
/* Skip the data records according to HEADER. Prints an error message
on error and return -1. */
static int
skip_data (estream_t stream, tarinfo_t info, tar_header_t header)
{
char record[RECORDSIZE];
unsigned long long n;
for (n=0; n < header->nrecords; n++)
{
if (read_record (stream, record))
return -1;
info->nblocks++;
}
return 0;
}
�
static void
print_header (tar_header_t header, strlist_t extheader, estream_t out)
{
unsigned long mask;
char modestr[10+1];
int i;
strlist_t sl;
const char *name, *linkname;
*modestr = '?';
switch (header->typeflag)
{
case TF_REGULAR: *modestr = '-'; break;
case TF_HARDLINK: *modestr = 'h'; break;
case TF_SYMLINK: *modestr = 'l'; break;
case TF_CHARDEV: *modestr = 'c'; break;
case TF_BLOCKDEV: *modestr = 'b'; break;
case TF_DIRECTORY:*modestr = 'd'; break;
case TF_FIFO: *modestr = 'f'; break;
case TF_RESERVED: *modestr = '='; break;
case TF_EXTHDR: break;
case TF_GEXTHDR: break;
case TF_UNKNOWN: break;
case TF_NOTSUP: break;
}
for (mask = 0400, i = 0; i < 9; i++, mask >>= 1)
modestr[1+i] = (header->mode & mask)? "rwxrwxrwx"[i]:'-';
if ((header->typeflag & 04000))
modestr[3] = modestr[3] == 'x'? 's':'S';
if ((header->typeflag & 02000))
modestr[6] = modestr[6] == 'x'? 's':'S';
if ((header->typeflag & 01000))
modestr[9] = modestr[9] == 'x'? 't':'T';
modestr[10] = 0;
/* FIXME: We do not parse the linkname unless its part of an
* extended header. */
name = header->name;
linkname = header->typeflag == TF_SYMLINK? "?" : NULL;
for (sl = extheader; sl; sl = sl->next)
{
if (sl->flags == 1)
name = sl->d;
else if (sl->flags == 2)
linkname = sl->d;
}
es_fprintf (out, "%s %lu %lu/%lu %12llu %s %s%s%s\n",
modestr, header->nlink, header->uid, header->gid, header->size,
isotimestamp (header->mtime),
name,
linkname? " -> " : "",
linkname? linkname : "");
}
�
/* List the tarball FILENAME or, if FILENAME is NULL, the tarball read
from stdin. */
gpg_error_t
gpgtar_list (const char *filename, int decrypt)
{
gpg_error_t err;
- estream_t stream;
- estream_t cipher_stream = NULL;
+ estream_t stream = NULL;
tar_header_t header = NULL;
strlist_t extheader = NULL;
struct tarinfo_s tarinfo_buffer;
tarinfo_t tarinfo = &tarinfo_buffer;
+ pid_t pid = (pid_t)(-1);
memset (&tarinfo_buffer, 0, sizeof tarinfo_buffer);
- if (filename)
- {
- if (!strcmp (filename, "-"))
- stream = es_stdin;
- else
- stream = es_fopen (filename, "rb");
- if (!stream)
- {
- err = gpg_error_from_syserror ();
- log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
- return err;
- }
- }
- else
- stream = es_stdin;
-
- if (stream == es_stdin)
- es_set_binary (es_stdin);
-
if (decrypt)
{
strlist_t arg;
ccparray_t ccp;
const char **argv;
- cipher_stream = stream;
- stream = es_fopenmem (0, "rwb");
- if (! stream)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
-
ccparray_init (&ccp, 0);
+ if (opt.batch)
+ ccparray_put (&ccp, "--batch");
+ if (opt.require_compliance)
+ ccparray_put (&ccp, "--require-compliance");
+ if (opt.status_fd != -1)
+ {
+ char tmpbuf[40];
+ snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
+ ccparray_put (&ccp, tmpbuf);
+ }
+ ccparray_put (&ccp, "--output");
+ ccparray_put (&ccp, "-");
ccparray_put (&ccp, "--decrypt");
for (arg = opt.gpg_arguments; arg; arg = arg->next)
ccparray_put (&ccp, arg->d);
+ if (filename)
+ {
+ ccparray_put (&ccp, "--");
+ ccparray_put (&ccp, filename);
+ }
ccparray_put (&ccp, NULL);
argv = ccparray_get (&ccp, NULL);
if (!argv)
{
err = gpg_error_from_syserror ();
goto leave;
}
- err = gnupg_exec_tool_stream (opt.gpg_program, argv,
- cipher_stream, NULL, stream, NULL, NULL);
+ err = gnupg_spawn_process (opt.gpg_program, argv, NULL, NULL,
+ ((filename? 0 : GNUPG_SPAWN_KEEP_STDIN)
+ | GNUPG_SPAWN_KEEP_STDERR),
+ NULL, &stream, NULL, &pid);
xfree (argv);
if (err)
goto leave;
-
- err = es_fseek (stream, 0, SEEK_SET);
- if (err)
- goto leave;
+ es_set_binary (stream);
+ }
+ else if (filename) /* No decryption requested. */
+ {
+ if (!strcmp (filename, "-"))
+ stream = es_stdin;
+ else
+ stream = es_fopen (filename, "rb,sysopen");
+ if (!stream)
+ {
+ err = gpg_error_from_syserror ();
+ log_error ("error opening '%s': %s\n", filename, gpg_strerror (err));
+ goto leave;
+ }
+ if (stream == es_stdin)
+ es_set_binary (es_stdin);
+ }
+ else
+ {
+ stream = es_stdin;
+ es_set_binary (es_stdin);
}
for (;;)
{
err = read_header (stream, tarinfo, &header, &extheader);
if (err || header == NULL)
goto leave;
print_header (header, extheader, es_stdout);
if (skip_data (stream, tarinfo, header))
goto leave;
free_strlist (extheader);
extheader = NULL;
xfree (header);
header = NULL;
}
+ if (pid != (pid_t)(-1))
+ {
+ int exitcode;
+
+ err = es_fclose (stream);
+ stream = NULL;
+ if (err)
+ log_error ("error closing pipe: %s\n", gpg_strerror (err));
+ else
+ {
+ err = gnupg_wait_process (opt.gpg_program, pid, 1, &exitcode);
+ if (err)
+ log_error ("running %s failed (exitcode=%d): %s",
+ opt.gpg_program, exitcode, gpg_strerror (err));
+ gnupg_release_process (pid);
+ pid = (pid_t)(-1);
+ }
+ }
leave:
free_strlist (extheader);
xfree (header);
if (stream != es_stdin)
es_fclose (stream);
- if (stream != cipher_stream)
- es_fclose (cipher_stream);
return err;
}
+
gpg_error_t
gpgtar_read_header (estream_t stream, tarinfo_t info,
tar_header_t *r_header, strlist_t *r_extheader)
{
return read_header (stream, info, r_header, r_extheader);
}
void
gpgtar_print_header (tar_header_t header, strlist_t extheader, estream_t out)
{
if (header && out)
print_header (header, extheader, out);
}
diff --git a/tools/gpgtar.c b/tools/gpgtar.c
index 57cac7c94..732a592fb 100644
--- a/tools/gpgtar.c
+++ b/tools/gpgtar.c
@@ -1,619 +1,641 @@
/* gpgtar.c - A simple TAR implementation mainly useful for Windows.
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
* SPDX-License-Identifier: GPL-3.0-or-later
*/
/* GnuPG comes with a shell script gpg-zip which creates archive files
in the same format as PGP Zip, which is actually a USTAR format.
That is fine and works nicely on all Unices but for Windows we
don't have a compatible shell and the supply of tar programs is
limited. Given that we need just a few tar option and it is an
open question how many Unix concepts are to be mapped to Windows,
we might as well write our own little tar customized for use with
gpg. So here we go. */
#include
#include
#include
#include
#include
#include
#define INCLUDED_BY_MAIN_MODULE 1
#include "../common/util.h"
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "../common/openpgpdefs.h"
#include "../common/init.h"
#include "../common/strlist.h"
#include "gpgtar.h"
/* Constants to identify the commands and options. */
enum cmd_and_opt_values
{
aNull = 0,
aCreate = 600,
aExtract,
aEncrypt = 'e',
aDecrypt = 'd',
aSign = 's',
aList = 't',
oSymmetric = 'c',
oRecipient = 'r',
oUser = 'u',
oOutput = 'o',
oDirectory = 'C',
oQuiet = 'q',
oVerbose = 'v',
oFilesFrom = 'T',
oNoVerbose = 500,
aSignEncrypt,
oGpgProgram,
oSkipCrypto,
oOpenPGP,
oCMS,
oSetFilename,
oNull,
oUtf8Strings,
+ oBatch,
+ oAnswerYes,
+ oAnswerNo,
+ oStatusFD,
+ oRequireCompliance,
+
/* Compatibility with gpg-zip. */
oGpgArgs,
oTarArgs,
oTarProgram,
/* Debugging. */
- oDryRun,
+ oDryRun
};
/* The list of commands and options. */
static gpgrt_opt_t opts[] = {
ARGPARSE_group (300, N_("@Commands:\n ")),
ARGPARSE_c (aCreate, "create", N_("create an archive")),
ARGPARSE_c (aExtract, "extract", N_("extract an archive")),
ARGPARSE_c (aEncrypt, "encrypt", N_("create an encrypted archive")),
ARGPARSE_c (aDecrypt, "decrypt", N_("extract an encrypted archive")),
ARGPARSE_c (aSign, "sign", N_("create a signed archive")),
ARGPARSE_c (aList, "list-archive", N_("list an archive")),
ARGPARSE_group (301, N_("@\nOptions:\n ")),
ARGPARSE_s_n (oSymmetric, "symmetric", N_("use symmetric encryption")),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
ARGPARSE_s_s (oUser, "local-user",
N_("|USER-ID|use USER-ID to sign or decrypt")),
ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
ARGPARSE_s_s (oGpgProgram, "gpg", "@"),
ARGPARSE_s_n (oSkipCrypto, "skip-crypto", N_("skip the crypto processing")),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", "@"),
ARGPARSE_s_n (oCMS, "cms", "@"),
+ ARGPARSE_s_n (oBatch, "batch", "@"),
+ ARGPARSE_s_n (oAnswerYes, "yes", "@"),
+ ARGPARSE_s_n (oAnswerNo, "no", "@"),
+ ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
+ ARGPARSE_s_n (oRequireCompliance, "require-compliance", "@"),
+
ARGPARSE_group (302, N_("@\nTar options:\n ")),
ARGPARSE_s_s (oDirectory, "directory",
N_("|DIRECTORY|change to DIRECTORY first")),
ARGPARSE_s_s (oFilesFrom, "files-from",
N_("|FILE|get names to create from FILE")),
ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")),
#ifdef HAVE_W32_SYSTEM
ARGPARSE_s_n (oUtf8Strings, "utf8-strings",
N_("-T reads UTF-8 encoded names")),
#else
ARGPARSE_s_n (oUtf8Strings, "utf8-strings", "@"),
#endif
ARGPARSE_s_s (oGpgArgs, "gpg-args", "@"),
ARGPARSE_s_s (oTarArgs, "tar-args", "@"),
ARGPARSE_s_s (oTarProgram, "tar", "@"),
ARGPARSE_end ()
};
/* The list of commands and options for tar that we understand. */
static gpgrt_opt_t tar_opts[] = {
ARGPARSE_s_s (oDirectory, "directory",
N_("|DIRECTORY|extract files into DIRECTORY")),
ARGPARSE_s_s (oFilesFrom, "files-from",
N_("|FILE|get names to create from FILE")),
ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")),
ARGPARSE_end ()
};
/* Global flags. */
static enum cmd_and_opt_values cmd = 0;
static int skip_crypto = 0;
static const char *files_from = NULL;
static int null_names = 0;
�
/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
{
const char *p;
switch (level)
{
case 9: p = "GPL-3.0-or-later"; break;
case 11: p = "@GPGTAR@ (@GNUPG@)";
break;
case 13: p = VERSION; break;
case 14: p = GNUPG_DEF_COPYRIGHT_LINE; break;
case 17: p = PRINTABLE_OS_NAME; break;
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
case 1:
case 40:
p = _("Usage: gpgtar [options] [files] [directories] (-h for help)");
break;
case 41:
p = _("Syntax: gpgtar [options] [files] [directories]\n"
"Encrypt or sign files into an archive\n");
break;
default: p = NULL; break;
}
return p;
}
static void
set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
{
enum cmd_and_opt_values c = *ret_cmd;
if (!c || c == new_cmd)
c = new_cmd;
else if (c == aSign && new_cmd == aEncrypt)
c = aSignEncrypt;
else if (c == aEncrypt && new_cmd == aSign)
c = aSignEncrypt;
else
{
log_error (_("conflicting commands\n"));
exit (2);
}
*ret_cmd = c;
}
�
/* Shell-like argument splitting.
For compatibility with gpg-zip we accept arguments for GnuPG and
tar given as a string argument to '--gpg-args' and '--tar-args'.
gpg-zip was implemented as a Bourne Shell script, and therefore, we
need to split the string the same way the shell would. */
static int
shell_parse_stringlist (const char *str, strlist_t *r_list)
{
strlist_t list = NULL;
const char *s = str;
char quoted = 0;
char arg[1024];
char *p = arg;
#define addchar(c) \
do { if (p - arg + 2 < sizeof arg) *p++ = (c); else return 1; } while (0)
#define addargument() \
do { \
if (p > arg) \
{ \
*p = 0; \
append_to_strlist (&list, arg); \
p = arg; \
} \
} while (0)
#define unquoted 0
#define singlequote '\''
#define doublequote '"'
for (; *s; s++)
{
switch (quoted)
{
case unquoted:
if (isspace (*s))
addargument ();
else if (*s == singlequote || *s == doublequote)
quoted = *s;
else
addchar (*s);
break;
case singlequote:
if (*s == singlequote)
quoted = unquoted;
else
addchar (*s);
break;
case doublequote:
log_assert (s > str || !"cannot be quoted at first char");
if (*s == doublequote && *(s - 1) != '\\')
quoted = unquoted;
else
addchar (*s);
break;
default:
log_assert (! "reached");
}
}
/* Append the last argument. */
addargument ();
#undef doublequote
#undef singlequote
#undef unquoted
#undef addargument
#undef addchar
*r_list = list;
return 0;
}
/* Like shell_parse_stringlist, but returns an argv vector
instead of a strlist. */
static int
shell_parse_argv (const char *s, int *r_argc, char ***r_argv)
{
int i;
strlist_t list;
if (shell_parse_stringlist (s, &list))
return 1;
*r_argc = strlist_length (list);
*r_argv = xtrycalloc (*r_argc, sizeof **r_argv);
if (*r_argv == NULL)
return 1;
for (i = 0; list; i++)
{
gpgrt_annotate_leaked_object (list);
(*r_argv)[i] = list->d;
list = list->next;
}
gpgrt_annotate_leaked_object (*r_argv);
return 0;
}
�
/* Command line parsing. */
static void
parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
{
int no_more_options = 0;
while (!no_more_options && gpgrt_argparse (NULL, pargs, popts))
{
switch (pargs->r_opt)
{
case oOutput: opt.outfile = pargs->r.ret_str; break;
case oDirectory: opt.directory = pargs->r.ret_str; break;
case oSetFilename: opt.filename = pargs->r.ret_str; break;
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break;
case oFilesFrom: files_from = pargs->r.ret_str; break;
case oNull: null_names = 1; break;
case oUtf8Strings: opt.utf8strings = 1; break;
case aList:
case aDecrypt:
case aEncrypt:
case aSign:
set_cmd (&cmd, pargs->r_opt);
break;
case aCreate:
set_cmd (&cmd, aEncrypt);
skip_crypto = 1;
break;
case aExtract:
set_cmd (&cmd, aDecrypt);
skip_crypto = 1;
break;
case oRecipient:
add_to_strlist (&opt.recipients, pargs->r.ret_str);
break;
case oUser:
opt.user = pargs->r.ret_str;
break;
case oSymmetric:
set_cmd (&cmd, aEncrypt);
opt.symmetric = 1;
break;
case oGpgProgram:
opt.gpg_program = pargs->r.ret_str;
break;
case oSkipCrypto:
skip_crypto = 1;
break;
case oOpenPGP: /* Dummy option for now. */ break;
case oCMS: /* Dummy option for now. */ break;
+ case oBatch: opt.batch = 1; break;
+ case oAnswerYes: opt.answer_yes = 1; break;
+ case oAnswerNo: opt.answer_no = 1; break;
+ case oStatusFD: opt.status_fd = pargs->r.ret_int; break;
+ case oRequireCompliance: opt.require_compliance = 1; break;
+
case oGpgArgs:;
{
strlist_t list;
if (shell_parse_stringlist (pargs->r.ret_str, &list))
log_error ("failed to parse gpg arguments '%s'\n",
pargs->r.ret_str);
else
{
if (opt.gpg_arguments)
strlist_last (opt.gpg_arguments)->next = list;
else
opt.gpg_arguments = list;
}
}
break;
case oTarProgram: /* Dummy option. */
break;
case oTarArgs:
{
int tar_argc;
char **tar_argv;
if (shell_parse_argv (pargs->r.ret_str, &tar_argc, &tar_argv))
log_error ("failed to parse tar arguments '%s'\n",
pargs->r.ret_str);
else
{
gpgrt_argparse_t tar_args;
tar_args.argc = &tar_argc;
tar_args.argv = &tar_argv;
tar_args.flags = ARGPARSE_FLAG_ARG0;
parse_arguments (&tar_args, tar_opts);
gpgrt_argparse (NULL, &tar_args, NULL);
if (tar_args.err)
log_error ("unsupported tar arguments '%s'\n",
pargs->r.ret_str);
pargs->err = tar_args.err;
}
}
break;
case oDryRun:
opt.dry_run = 1;
break;
default: pargs->err = 2; break;
}
}
}
�
/* gpgtar main. */
int
main (int argc, char **argv)
{
gpg_error_t err;
const char *fname;
gpgrt_argparse_t pargs;
gnupg_reopen_std (GPGTAR_NAME);
gpgrt_set_strusage (my_strusage);
log_set_prefix (GPGTAR_NAME, GPGRT_LOG_WITH_PREFIX);
/* Make sure that our subsystems are ready. */
i18n_init();
init_common_subsystems (&argc, &argv);
+ gnupg_init_signals (0, NULL);
log_assert (sizeof (struct ustar_raw_header) == 512);
+ /* Set default options */
+ opt.status_fd = -1;
+
/* Parse the command line. */
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags = ARGPARSE_FLAG_KEEP;
parse_arguments (&pargs, opts);
gpgrt_argparse (NULL, &pargs, NULL);
if (log_get_errorcount (0))
exit (2);
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
{
int i;
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
}
if (! opt.gpg_program)
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
if (opt.verbose > 1)
opt.debug_level = 1024;
switch (cmd)
{
case aList:
if (argc > 1)
gpgrt_usage (1);
fname = argc ? *argv : NULL;
if (opt.filename)
log_info ("note: ignoring option --set-filename\n");
if (files_from)
log_info ("note: ignoring option --files-from\n");
err = gpgtar_list (fname, !skip_crypto);
if (err && log_get_errorcount (0) == 0)
log_error ("listing archive failed: %s\n", gpg_strerror (err));
break;
case aEncrypt:
case aSign:
case aSignEncrypt:
if ((!argc && !files_from)
|| (argc && files_from))
gpgrt_usage (1);
if (opt.filename)
log_info ("note: ignoring option --set-filename\n");
err = gpgtar_create (files_from? NULL : argv,
files_from,
null_names,
!skip_crypto
&& (cmd == aEncrypt || cmd == aSignEncrypt),
cmd == aSign || cmd == aSignEncrypt);
if (err && log_get_errorcount (0) == 0)
log_error ("creating archive failed: %s\n", gpg_strerror (err));
break;
case aDecrypt:
if (argc != 1)
gpgrt_usage (1);
if (opt.outfile)
log_info ("note: ignoring option --output\n");
if (files_from)
log_info ("note: ignoring option --files-from\n");
fname = argc ? *argv : NULL;
err = gpgtar_extract (fname, !skip_crypto);
if (err && log_get_errorcount (0) == 0)
log_error ("extracting archive failed: %s\n", gpg_strerror (err));
break;
default:
log_error (_("invalid command (there is no implicit command)\n"));
break;
}
return log_get_errorcount (0)? 1:0;
}
/* Read the next record from STREAM. RECORD is a buffer provided by
- the caller and must be at leadt of size RECORDSIZE. The function
+ the caller and must be at least of size RECORDSIZE. The function
return 0 on success and error code on failure; a diagnostic
printed as well. Note that there is no need for an EOF indicator
because a tarball has an explicit EOF record. */
gpg_error_t
read_record (estream_t stream, void *record)
{
gpg_error_t err;
size_t nread;
nread = es_fread (record, 1, RECORDSIZE, stream);
if (nread != RECORDSIZE)
{
err = gpg_error_from_syserror ();
if (es_ferror (stream))
log_error ("error reading '%s': %s\n",
es_fname_get (stream), gpg_strerror (err));
else
log_error ("error reading '%s': premature EOF "
"(size of last record: %zu)\n",
es_fname_get (stream), nread);
}
else
err = 0;
return err;
}
/* Write the RECORD of size RECORDSIZE to STREAM. FILENAME is the
name of the file used for diagnostics. */
gpg_error_t
write_record (estream_t stream, const void *record)
{
gpg_error_t err;
size_t nwritten;
nwritten = es_fwrite (record, 1, RECORDSIZE, stream);
if (nwritten != RECORDSIZE)
{
err = gpg_error_from_syserror ();
log_error ("error writing '%s': %s\n",
es_fname_get (stream), gpg_strerror (err));
}
else
err = 0;
return err;
}
/* Return true if FP is an unarmored OpenPGP message. Note that this
function reads a few bytes from FP but pushes them back. */
#if 0
static int
openpgp_message_p (estream_t fp)
{
int ctb;
ctb = es_getc (fp);
if (ctb != EOF)
{
if (es_ungetc (ctb, fp))
log_fatal ("error ungetting first byte: %s\n",
gpg_strerror (gpg_error_from_syserror ()));
if ((ctb & 0x80))
{
switch ((ctb & 0x40) ? (ctb & 0x3f) : ((ctb>>2)&0xf))
{
case PKT_MARKER:
case PKT_SYMKEY_ENC:
case PKT_ONEPASS_SIG:
case PKT_PUBKEY_ENC:
case PKT_SIGNATURE:
case PKT_COMMENT:
case PKT_OLD_COMMENT:
case PKT_PLAINTEXT:
case PKT_COMPRESSED:
case PKT_ENCRYPTED:
return 1; /* Yes, this seems to be an OpenPGP message. */
default:
break;
}
}
}
return 0;
}
#endif
diff --git a/tools/gpgtar.h b/tools/gpgtar.h
index 02b2d358c..c403835b5 100644
--- a/tools/gpgtar.h
+++ b/tools/gpgtar.h
@@ -1,150 +1,155 @@
/* gpgtar.h - Global definitions for gpgtar
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
#ifndef GPGTAR_H
#define GPGTAR_H
#include "../common/util.h"
#include "../common/strlist.h"
/* We keep all global options in the structure OPT. */
EXTERN_UNLESS_MAIN_MODULE
struct
{
int verbose;
unsigned int debug_level;
int quiet;
int dry_run;
int utf8strings;
const char *gpg_program;
strlist_t gpg_arguments;
const char *outfile;
strlist_t recipients;
const char *user;
int symmetric;
const char *filename;
const char *directory;
+ int batch;
+ int answer_yes;
+ int answer_no;
+ int status_fd;
+ int require_compliance;
} opt;
/* An info structure to avoid global variables. */
struct tarinfo_s
{
unsigned long long nblocks; /* Count of processed blocks. */
unsigned long long headerblock; /* Number of current header block. */
};
typedef struct tarinfo_s *tarinfo_t;
/* The size of a tar record. All IO is done in chunks of this size.
Note that we don't care about blocking because this version of tar
is not expected to be used directly on a tape drive in fact it is
used in a pipeline with GPG and thus any blocking would be
useless. */
#define RECORDSIZE 512
/* Description of the USTAR header format. */
struct ustar_raw_header
{
char name[100];
char mode[8];
char uid[8];
char gid[8];
char size[12];
char mtime[12];
char checksum[8];
char typeflag[1];
char linkname[100];
char magic[6];
char version[2];
char uname[32];
char gname[32];
char devmajor[8];
char devminor[8];
char prefix[155];
char pad[12];
};
/* Filetypes as defined by USTAR. */
typedef enum
{
TF_REGULAR,
TF_HARDLINK,
TF_SYMLINK,
TF_CHARDEV,
TF_BLOCKDEV,
TF_DIRECTORY,
TF_FIFO,
TF_RESERVED,
TF_GEXTHDR, /* Global extended header. */
TF_EXTHDR, /* Extended header. */
TF_UNKNOWN, /* Needs to be treated as regular file. */
TF_NOTSUP /* Not supported (used with --create). */
} typeflag_t;
/* The internal representation of a TAR header. */
struct tar_header_s;
typedef struct tar_header_s *tar_header_t;
struct tar_header_s
{
tar_header_t next; /* Used to build a linked list of entries. */
unsigned long mode; /* The file mode. */
unsigned long nlink; /* Number of hard links. */
unsigned long uid; /* The user id of the file. */
unsigned long gid; /* The group id of the file. */
unsigned long long size; /* The size of the file. */
unsigned long long mtime; /* Modification time since Epoch. Note
that we don't use time_t here but a
type which is more likely to be larger
that 32 bit and thus allows tracking
times beyond 2106. */
typeflag_t typeflag; /* The type of the file. */
unsigned long long nrecords; /* Number of data records. */
char name[1]; /* Filename (UTF-8, dynamically extended). */
};
/*-- gpgtar.c --*/
gpg_error_t read_record (estream_t stream, void *record);
gpg_error_t write_record (estream_t stream, const void *record);
/*-- gpgtar-create.c --*/
gpg_error_t gpgtar_create (char **inpattern, const char *files_from,
int null_names, int encrypt, int sign);
/*-- gpgtar-extract.c --*/
gpg_error_t gpgtar_extract (const char *filename, int decrypt);
/*-- gpgtar-list.c --*/
gpg_error_t gpgtar_list (const char *filename, int decrypt);
gpg_error_t gpgtar_read_header (estream_t stream, tarinfo_t info,
tar_header_t *r_header, strlist_t *r_extheader);
void gpgtar_print_header (tar_header_t header, strlist_t extheader,
estream_t out);
#endif /*GPGTAR_H*/