diff --git a/NEWS b/NEWS index d2de8e2..be0f300 100644 --- a/NEWS +++ b/NEWS @@ -1,80 +1,80 @@ -Noteworthy changes in version 1.6.0 (unreleased) +Noteworthy changes in version 1.6.0 (2019-09-11) ------------------------------------------------ * Support for PIV cards. * Speedup by letting GPGSM select missing keys. * License change to LGPL-2.1-or-later. (See commit 60a071e3b7b2885ce994667a9186173772f3a647). * Requires at a minimum the current stable version of GnuPG (2.2.0) but advanced PIV card support needs the current GnuPG development version. Noteworthy changes in version 1.5.0 (2017-07-14) ------------------------------------------------ * Support for TLS 1.2 client authentication and S/MIME signing. * Support for 4096 bit keys. * Support for GnuPG 2.1. * C_GenerateRandom is implemented. Noteworthy changes in version 1.4.0 (2010-04-21) ------------------------------------------------ * Update to libassuan 2.0.0 interface. Noteworthy changes in version 1.3.0 (2009-06-19) ------------------------------------------------ * Scute can read certificates directly from the OpenPGP 2.0 cards. * Support for 2048 bit keys. Noteworthy changes in version 1.2.0 (2008-09-02) ------------------------------------------------ * Ported to Windows 32. * GPG Agent can now be launched on demand. Noteworthy changes in version 1.1.0 (2007-05-03) ------------------------------------------------ * Scute now comes with a manual. * Code licensed from RSA Security Inc. has been removed due to licensing issues ("advertisment clause"). * A memory leak has been fixed. Note that you need libassuan 1.0.1 to fix another memory leak. * Scute now supports certificates larger than the kernel pipe buffer with GPGSM versions later than 2.0.0 (exclusive). * Scute now sets the CKA_TRUSTED attribute to something useful. Noteworthy changes in version 1.0.0 (2006-11-11) ------------------------------------------------ * Initial release. Copyright 2006, 2009, 2010 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/README b/README index 89c2269..1fb18f4 100644 --- a/README +++ b/README @@ -1,414 +1,414 @@ Scute ===== This is a PKCS #11 implementation for the GnuPG Agent using smart cards managed by GnuPG's scdaemon. Currently, OpenPGP and PIV cards are supported. TOC === * Purpose * Prerequisites * Installation * Client Authentication * Troubleshooting * Features and Limitations * Development * Mozilla Bugs * Copyright and License Purpose ======= Scute enables you to use your OpenPGP or PIV smart card for client authentication with SSL in Mozilla. See below for more details on how to get this working. Scute also allows you to sign emails with Thunderbird, using the S/MIME protocol, and to sign OpenDocument and PDF files with LibreOffice. Prerequisites ============= For the compilation: * libgpg-error 1.24 * libassuan 2.5.0 At runtime: * Firefox, Thunderbird or any other supported application using PKCS #11. * GnuPG 2.2 * Pinentry (GnuPG 2.2 is also required at build time if the tests are to be run.) Installation ============ To install the PKCS #11 Module, follow the generic installation instructions in the file INSTALL that accompanies this software. -After installation, you can configure Firefox or Thunderbord to use Scute by +After installation, you can configure Firefox or Thunderbird to use Scute by visiting the preferences dialog in the "advanced" category, under "Security Devices". There you can "load" the module from its installed path, e.g. "/usr/lib/scute.so". Client Authentication ===================== For client authentication to work, several steps need to be completed. Depending on your situation, some of these steps may be performed by third parties, like service providers. However, they can also all be performed locally, if use of client authentication with a local service is desired. For this introduction, we assume an Apache web server with SSL at the server side, and a connecting client running Firefox. As a certification authority (CA) we use OpenSSL. Scute provides a PKCS #11 compatible security device to Firefox for client authentication. This security device gives Firefox access to the client's OpenPGP smart card. The Client Perspective ---------------------- To get things started, we have to prepare an initialised OpenPGP smart card by uploading an off-card key or generating a key on the card. The card you got may already have been initialised. Otherwise, you can find more information on this step in the smartcard HowTo, which also documents other basic card operations: https://gnupg.org/howtos/card-howto/en/smartcard-howto.html Once the card is initialised, we have to generate a certificate signing request (CSR) to get the authentication key of the card (OPENPGP.3, the third key on the card) certified by the CA. This can be done using "gpgsm --gen-key". For the CSR, a distinguished name (DN) is required. Your CA will have more information about what this DN should contain. Below we use an example for a test-employee "Floppy Head" of the test-CA that ships with OpenSSL ("Snake Oil, Ltd."). Generating the CSR is then just a matter of answering a few questions: $ gpgsm --gen-key > client.csr Please select what kind of key you want: (1) RSA (2) Existing key (3) Existing key from card Your selection? 3 Serial number of the card: 355F9746499F0D4B4ECEE4928B007D16 Available keys: (1) D53137B94C38D9BF6A199706EA6D5253 OPENPGP.1 (2) B0CD1A9DFC3539A1D6A8B851A11C8665 OPENPGP.2 (3) 53DB41052CC590A40B403F3E6350E5DC OPENPGP.3 Your selection? 3 Possible actions for a RSA key: (1) sign, encrypt (2) sign (3) encrypt Your selection? 2 Enter the X.509 subject name: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY Enter email addresses (end with an empty line): > floppy.head@example.org > Enter DNS names (optional; end with an empty line): > Enter URIs (optional; end with an empty line): > Create self-signed certificate? (y/N) n These parameters are used: Key-Type: card:OPENPGP.3 Key-Length: 1024 Key-Usage: sign Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY Name-Email: floppy.head@example.org Proceed with creation? (y/N) y Now creating certificate request. This may take a while ... gpgsm: about to sign the CSR for key: &53DB41052CC590A40B403F3E6350E5DC gpgsm: certificate request created Ready. You should now send this request to your CA. It is required to enter the signing PIN of the card to complete this step. The certificate can then be found in the file "/tmp/floppy.csr". This file should then be sent to the CA for certification (see below). The CA will return to the client a certificate "/tmp/floppy.crt", who can then import the issuer certificate of the CA (in this example, we access directly the local server certificate) and its own certificate with gpgsm: $ gpgsm --import /etc/apache/ssl.crt/snakeoil-ca-rsa.crt gpgsm: total number processed: 1 gpgsm: imported: 1 marcus@ulysses:~/g10/projects/pkcs11-for-scdaemon/ca/usercert/card3$ gpgsm --import /tmp/floppy.crt gpgsm: total number processed: 1 gpgsm: unchanged: 1 $ gpgsm --list-keys Floppy Serial number: 08 Issuer: /CN=Snake Oil CA/OU=Certificate Authority/O=Snake Oil, Ltd/L=Snake Town/ST=Snake Desert/C=XY/EMail=ca@snakeoil.dom Subject: /CN=Floppy Head/OU=Webserver Team/O=Snake Oil, Ltd/ST=Snake Desert/C=XY validity: 2006-10-11 13:17:08 through 2007-10-11 13:17:08 key type: 1024 bit RSA fingerprint: C9:08:0E:86:92:6C:7B:4B:8C:23:1C:9D:D7:15:BF:D4:A4:00:54:11 Now the client can configure his web browser. If desired, the client can install the web servers certificate (alternatively, Firefox will ask when establishing the initial connection). To actually perform the client authentication, the client needs to set up the web browser for use with Scute. The Scute PKCS #11 module, installed under /usr/lib/scute.so by default, needs to be loaded as a security device in Firefox under Preferences->Advanced->Security->Certificates->Security Devices->Load When the security device is loaded, card insertion should cause the security device list be updated with the inserted token (the card), and the certificate that has been imported into gpgsm should be visible under Preferences->Advanced->Security->Certificates->View Certificates automatically. Firefox will by default select the certificate to be used for client authentication automatically from the list of available certificates. This setting can be changed if desired in Preferences->Advanced->Security->Certificates ("Select one automatically" vs. "Ask me every time") When the client then attempts to open the URL "https://localhost/" in this example, the web server will require SSL authentication, which causes Firefox to look (or ask) for a client certificate. If the certificate on the card is suitable (or selected), the user will have to enter the PIN number on the card to sign into the web site. The CA Perspective ------------------ The CA will have to process the CSR submitted by the client. After verifying the identity of the submitter by some external means, the CA may use for example this OpenSSL command to create a certificate (we use the example CA shipping with the Apache SSL module on Ubuntu): # cd /etc/apache/ssl.crt/ # openssl ca -in /tmp/floppy.csr -cert /etc/apache/ssl.crt/snakeoil-ca-rsa.crt -keyfile /etc/apache/ssl.key/snakeoil-ca-rsa.key -out /tmp/floppy.crt Using configuration from /usr/lib/ssl/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 8 (0x8) Validity Not Before: Oct 11 13:17:08 2006 GMT Not After : Oct 11 13:17:08 2007 GMT Subject: countryName = XY stateOrProvinceName = Snake Desert organizationName = Snake Oil, Ltd organizationalUnitName = Webserver Team commonName = Floppy Head X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 72:AF:B8:13:3D:3D:9D:02:93:E4:D4:56:0C:06:90:4C:26:85:85:5D X509v3 Authority Key Identifier: DirName:/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca@snakeoil.dom serial:00 Certificate is to be certified until Oct 11 13:17:08 2007 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated The resulting file, "/tmp/floppy.crt" is sent back from the CA to the client along with the issuer certificate. For more information how to set up and work with a CA using OpenSSL, please see the OpenSSL documentation. The Server Perspective ---------------------- The service provider will set up an Apache web server with SSL support, and configure it to accept certificates from the CA. This step is quite involved. Garex has a concise HowTo online at https://www.garex.net/apache/ about how to do this. Beside the creation of a certificate that has its own fully qualified domain name (FQDN) as common name (CN part of the DN), this involves installing the Apache SSL module and configuration for it, for example in httpd.conf: SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache/ssl.key/server.key SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /etc/apache/ssl.crt/snakeoil-ca-rsa.crt The file server.key is not protected by a passphrase (if it is, this passphrase needs to be provided when starting up Apache), and server.crt has "CN=localhost" as part of its DN for this example. Troubleshooting =============== Symptom: Loading the Scute security device in the security device manager of Firefox fails with "Unable to load module". Solution: Make sure that Scute is correctly installed, and that all libraries and executables are available. Make sure that gpg-agent is running and can be found via the environment variable GPG_AGENT_INFO. Symptom: Client authentication fails with " has received an incorrect or unexpected message. Error code: -12227". Solution: Make sure that the correct OpenPGP card is inserted and the certificate available in GPGSM. Check that the OpenPGP card is detected correctly in the security device manager and the corresponding certificate is displayed in the certificate manager of Firefox. Symptom: The OpenPGP card is detected and displayed in the security device manager in Firefox, but no corresponding certificate is displayed in the certificate manager of Firefox. Solution: Make sure that the corresponding certificate is imported in GPGSM. Features and Limitations ======================== Scute implements version 2.20 of the PKCS #11 specification. The OpenPGP smart card application is supported in read-only mode. The following functions are not supported: * C_Initialize: No support for native thread package. Locking callbacks must be provided if multi-threaded operation is desired. * C_WaitForSlotEvent: Not implemented. The interface as specified by PKCS #11 is broken anyway, as the function can not safely be canceled. Thus, we require polling. * C_GetOperationState, C_SetOperationState: Not supported. * C_InitToken, C_InitPIN, C_SetPIN: Not supported. No write operations are allowed. To configure the token, please use the tools accompanying the GnuPG software suite. * C_Login, C_Logout: Not supported. No login into the token by the software is required. Passphrase queries are implemented by the use of GPG Agent and Pinentry. * C_EncryptInit, C_Encrypt, C_EncryptUpdate, C_EncryptFinal, C_DigestInit, C_Digest, C_DigestUpdate, C_DigestKey, C_DigestFinal, C_VerifyInit, C_Verify, C_VerifyUpdate, C_VerifyFinal, C_VerifyRecoverInit, C_VerifyRec: Not supported. Only secret key operations are supported. * C_DecryptInit, C_Decrypt: Not yet supported, but will be in the future. * C_SignUpdate, C_SignFinal, C_DecryptUpdate, C_DecryptFinal: No progressive crypto-operations are supported. * C_SignRecoverInit, C_SignRecover: Not supported. * C_DigestEncryptUpdate, C_DecryptDigestUpdate, C_SignEncryptUpdate, C_DecryptVerifyUpdate: Dual-purpose cryptographic functions are not supported. * C_GenerateKey, C_GenerateKeyPair, C_WrapKey, C_UnwrapKey, C_DeriveKey: Key management functions are not supported. Please use the tools accompanying the GnuPG software suite to generate and import keys for use with the token. * C_SeedRandom: Not supported. * C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue: Only read-only operations are supported on objects. * C_GetObjectSize: Not supported. * CKO_CERTIFICATE: The label specifies the key on the card used (e.g. OPENPGP.3). The ID is the fingerprint. * CKO_PRIVATE_KEY: The CKA_LOCAL attribute can not be supported by the OpenPGP card. It is always set to false (as the key on the card may be copied to the card from an external source). Development =========== Scute is single-threaded. There is a global lock that is taken in all entry points of Scute, except for C_Initialize, C_Finalize, C_GetFunctionList, and stubs. Here are a couple of hints on how to develop PKCS #11 modules for Mozilla: libopensc2 ships with a pkcs11-spy library that can be loaded as a wrapper around the PKCS #11 library you want to use to log all functions invoked by Mozilla. Here is how to use it: Set the PKCS11SPY_OUTPUT environment variable to a filename. pkcs11-spy appends its log messages at the end of this file. Set the PKCS11SPY environment variable to the filename of the PKCS #11 module you actually want to use. Start Mozilla within this environment. There is a different, probably more powerful way to debug Mozilla PKCS #11 libraries. However, to be able to use it, you need to configure and compile the Mozilla NSS sources with --enable-debug. Instructions can be found at: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/nss_tech_notes/nss_tech_note2 More informations about implementing a PKCS #11 module for Mozilla can be found on the Mozilla NSS web page: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS#PKCS_11_information The following links point to archived pages from the Mozilla documentation on that topic (the content may be outdated): Common PKCS #11 Implementation Problems https://www-archive.mozilla.org/projects/security/pki/pkcs11/netscape/problems.html PKCS #11 Conformance Testing https://www-archive.mozilla.org/projects/security/pki/pkcs11/ Copyright and License ===================== Scute is copyrighted by g10 Code GmbH and licensed under the GNU Lesser General Public License version 2.1 or later. See the file COPYING.LESSER for details. Copyright 2006, 2009 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/configure.ac b/configure.ac index d693c72..7361c3f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,347 +1,347 @@ # configure.ac: Configure script for Scute. # Copyright (C) 2006, 2007, 2008, 2009, 2010, 2015 g10 Code GmbH # # This file is part of Scute. # # Scute is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of # the License, or (at your option) any later version. # # Scute is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . # SPDX-License-Identifier: LGPL-2.1-or-later # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) min_automake_version="1.14" # To build a release you need to create a tag with the version number # (git tag -s scute-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. m4_define([mym4_package],[scute]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [6]) m4_define([mym4_micro], [0]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release # with an annotated tag. For example the 1.5 branch starts off with # the tag "scute-1.5-base". This is used as the base for counting # beta numbers before the first release of a series. # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a # flag indicating a development version (mym4_isbeta). Note that the # m4 processing is done by autoconf and not during the configure run. m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \ mym4_package mym4_major mym4_minor mym4_micro),[:])) m4_define([mym4_isbeta], m4_argn(2, mym4_verslist)) m4_define([mym4_version], m4_argn(4, mym4_verslist)) m4_define([mym4_revision], m4_argn(7, mym4_verslist)) m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) m4_esyscmd([echo ]mym4_version[>VERSION]) AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org]) # LT Version numbers, remember to change them just *before* a release. # (Code changed: REVISION++) # (Interfaces added/removed/changed: CURRENT++, REVISION=0) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # LIBSCUTE_LT_CURRENT=0 LIBSCUTE_LT_AGE=0 -LIBSCUTE_LT_REVISION=3 +LIBSCUTE_LT_REVISION=4 # Version numbers reported by the PKCS #11 module to its users. VERSION_MAJOR=1 VERSION_MINOR=0 NEED_GPG_ERROR_VERSION=1.24 NEED_LIBASSUAN_VERSION=2.5.0 # Some status variables to give feedback at the end of a configure run. have_gpg_error=no have_libassuan=no # # Provide information about the build. # BUILD_REVISION="mym4_revision" BUILD_REVISION_DEC="mym4_revision_dec" PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_SRCDIR([src/cryptoki.h]) AC_CONFIG_HEADER([config.h]) AC_CONFIG_MACRO_DIR(m4) AM_INIT_AUTOMAKE AM_MAINTAINER_MODE AC_CANONICAL_HOST # Autobuilder support. AB_INIT # Enable GNU extensions on systems that have them. AC_GNU_SOURCE AH_VERBATIM([_REENTRANT], [/* To allow the use of scute in multithreaded programs we have to use special features from the library. */ #ifndef _REENTRANT # define _REENTRANT 1 #endif]) # Checks for programs. AC_PROG_CC # Note: A suitable gitlog-to-changelog script can be found in GnuPG master. AC_CHECK_PROGS(GITLOG_TO_CHANGELOG, gitlog-to-changelog, [gitlog-to-changelog]) # # Setup gcc specific options # AC_MSG_NOTICE([checking for cc features]) if test "$GCC" = yes; then mycflags= mycflags_save=$CFLAGS # Check whether gcc does not emit a diagnositc for unknow -Wno-* # options. This is the case for gcc >= 4.6 AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6 ) #kickerror #endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no]) AC_MSG_RESULT($_gcc_silent_wno) # Note that it is okay to use CFLAGS here because these are just # warning options and the user should have a chance of overriding # them. if test "$USE_MAINTAINER_MODE" = "yes"; then mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes" mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security" if test x"$_gcc_silent_wno" = xyes ; then _gcc_wopt=yes else AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) CFLAGS="-Wno-missing-field-initializers" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], [_gcc_wopt=yes],[_gcc_wopt=no]) AC_MSG_RESULT($_gcc_wopt) fi if test x"$_gcc_wopt" = xyes ; then mycflags="$mycflags -W -Wno-sign-compare" mycflags="$mycflags -Wno-missing-field-initializers" fi AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement]) CFLAGS="-Wdeclaration-after-statement" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_MSG_RESULT($_gcc_wopt) if test x"$_gcc_wopt" = xyes ; then mycflags="$mycflags -Wdeclaration-after-statement" fi else mycflags="$mycflags -Wall" fi if test x"$_gcc_silent_wno" = xyes ; then _gcc_psign=yes else AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) CFLAGS="-Wno-pointer-sign" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], [_gcc_psign=yes],[_gcc_psign=no]) AC_MSG_RESULT($_gcc_psign) fi if test x"$_gcc_psign" = xyes ; then mycflags="$mycflags -Wno-pointer-sign" fi AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) CFLAGS="-Wpointer-arith" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no) AC_MSG_RESULT($_gcc_psign) if test x"$_gcc_psign" = xyes ; then mycflags="$mycflags -Wpointer-arith" fi CFLAGS="$mycflags $mycflags_save" fi AC_ARG_ENABLE(optimization, AC_HELP_STRING([--disable-optimization], [disable compiler optimization]), [if test $enableval = no ; then CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) AC_SUBST(LIBSCUTE_LT_CURRENT) AC_SUBST(LIBSCUTE_LT_AGE) AC_SUBST(LIBSCUTE_LT_REVISION) AC_SUBST(PACKAGE) AC_SUBST(VERSION) AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package]) AC_DEFINE_UNQUOTED(VERSION_MAJOR, $VERSION_MAJOR, [Major version number]) AC_DEFINE_UNQUOTED(VERSION_MINOR, $VERSION_MINOR, [Minor version number]) # Don't default to build static libs. # FIXME: Caution: Evil hack ahead. Libtool does not support linking a # static library to a shared library. But for libassuan, we need this. # Instead adding a lot of junk to Makefile.am to get this, we just override # all safety checks here. We are driving without seat belts now! # http://lists.cairographics.org/archives/cairo/2009-April/016962.html lt_cv_deplibs_check_method=pass_all LT_PREREQ([2.2.6]) LT_INIT([win32-dll disable-static]) LT_LANG([Windows Resource]) # For now we hardcode the use of version scripts. It would be better # to write a test for this or even implement this within libtool. have_ld_version_script=no case "${host}" in *-*-linux*) have_ld_version_script=yes ;; *-*-gnu*) have_ld_version_script=yes ;; *-apple-darwin*) AC_DEFINE(_DARWIN_C_SOURCE, 900000L, Expose all libc features (__DARWIN_C_FULL).) AC_DEFINE(_XOPEN_SOURCE, 500, Activate POSIX interface on MacOS X) ;; esac AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes") have_w32_system=no have_darwin_system=no case "${host}" in *-mingw32*) # special stuff for Windows NT have_w32_system=yes ;; *-apple-darwin*) have_darwin_system=yes ;; *) ;; esac if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_DARWIN_SYSTEM, test "$have_darwin_system" = yes) # Generate values for the DLL version info if test "$have_w32_system" = yes; then BUILD_TIMESTAMP=`date --iso-8601=minutes` changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION_DEC}" fi AC_SUBST(BUILD_REVISION) AC_SUBST(BUILD_REVISION_DEC) AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) # The error code library. Error codes are sent over the IPC layer and # have to be interpreted. AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", have_gpg_error=yes, have_gpg_error=no) # The IPC library. AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION", have_libassuan=yes, have_libassuan=no) # Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([stdlib.h string.h]) # Checks for typedefs, structures, and compiler characteristics. AC_HEADER_STDBOOL AC_C_INLINE # Checks for library functions. AC_CHECK_FUNCS([ttyname localtime_r timegm stpcpy]) # Check for programs needed for the manual. AC_CHECK_PROG(CONVERT, convert, convert) AC_CHECK_PROG(EPSTOPDF, epstopdf, epstopdf) # Test if tests can be run ok=yes AM_CONDITIONAL(RUN_TESTS, test "$ok" = "yes") AH_BOTTOM([ /* Prefix all estream functions. */ #define _ESTREAM_EXT_SYM_PREFIX _scute_ ]) # Print errors here so that they are visible all # together and the user can acquire them all together. die=no if test "$have_gpg_error" = "no"; then die=yes AC_MSG_NOTICE([[ *** *** You need libgpg-error to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/pub/gcrypt/libgpg-error *** (at least version $NEED_GPG_ERROR_VERSION is required.) ***]]) fi if test "$have_libassuan" = "no"; then die=yes AC_MSG_NOTICE([[ *** *** You need libassuan to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/pub/gcrypt/alpha/libassuan/ *** (at least version $NEED_LIBASSUAN_VERSION is required). ***]]) fi if test "$die" = "yes"; then AC_MSG_ERROR([[ *** *** Required libraries not found. Please consult the above messages *** and install them before running configure again. ***]]) fi AC_CONFIG_FILES([Makefile m4/Makefile src/Makefile tests/Makefile doc/manual/Makefile doc/Makefile src/versioninfo.rc]) AC_OUTPUT echo " Scute v${VERSION} has been configured as follows: Revision: mym4_revision (mym4_revision_dec) Platform: $host " diff --git a/doc/website/download.xhtml b/doc/website/download.xhtml index c7dc12a..d0cee79 100644 --- a/doc/website/download.xhtml +++ b/doc/website/download.xhtml @@ -1,202 +1,216 @@ Scute

Download

Scute is currently available in source format only, and should compile on any recent GNU/Linux system. It can also be cross-built for Windows 32-bit using MingW32.

The most recent release of Scute is version 1.5.0.

+ + + + + + + +
Scute source distributions.
Description Version Date Size Tarball Signature
Scute source distribution1.6.02019-09-11985 kB + + download + + + download +
Scute source distribution 1.5.0 2017-07-14 969 kB download download
Scute source distribution 1.4.0 2010-04-21 755 kB download download
Scute source distribution 1.3.0 2009-06-20 754 kB download download
Scute source distribution 1.2.0 2008-09-02 731 kB download download
Scute source distribution 1.1.0 2007-05-02 675 kB download download
Scute source distribution 1.0.0 2006-11-11 325 kB download download

Prerequisites

Scute requires the following packages to compile:
Compile-time dependencies of Scute
PackageMin. Version
libgpg-error1.24
libassuan2.5.0

Scute also requires the following packages to run:
Run-time dependencies of Scute
PackageMin. Version
Firefoxany
GnuPG2.2
PinEntry0.7.0

Installation

Canonical installation instructions can be found in the file INSTALL in the top-level directory of the source package. Instructions for users of Scute are available in the documentation section.

Development

The source of Scute is managed using the GIT distributed revision control system. The repository can be retrieved with the following command: 

 	    $ git clone git://git.gnupg.org/scute.git
Please send an e-mail to the GnuPG development mailing list if you are interested in participating in the Scute development.

A web interface to the Scute source repository is available on-line, and contains up-to-date as well as archived versions of all files included in the Scute source package, including the most recent development changes.