authorWerner Koch <wk@gnupg.org>2023-04-04 16:39:59 +0200
committerWerner Koch <wk@gnupg.org>2023-04-04 16:39:59 +0200
commitd9e7488b17fdc617eec735e2c0485b69285ba511 (patch)
treecd1423ce0870d036b5e0b7dd0425eb7222d84d62
parentspeedo: Remove deleted prf files from the Windows installer (diff)
downloadgnupg2-d9e7488b17fdc617eec735e2c0485b69285ba511.tar.xz
gnupg2-d9e7488b17fdc617eec735e2c0485b69285ba511.zip
Use the keyboxd for a fresh install
* common/homedir.c (gnupg_maybe_make_homedir): Also create a common.conf. * g10/keydb.c: Include comopt.h. (maybe_create_keyring_or_box): Detect the creation of a common.conf. * g10/gpg.c (main): Avoid adding more resources in this case. * sm/keydb.c: Include comopt.h. (maybe_create_keybox): Detect the creation of a common.conf. * common/comopt.h (comopt): Remove the conditional "extern".
-rw-r--r--NEWS3
-rw-r--r--README3
-rw-r--r--common/comopt.h1
-rw-r--r--common/homedir.c38
-rw-r--r--doc/gpg.texi4
-rw-r--r--g10/gpg.c20
-rw-r--r--g10/keydb.c31
-rw-r--r--sm/keydb.c28
8 files changed, 110 insertions, 18 deletions
diff --git a/NEWS b/NEWS
index 6d46e1d34..7ca5b1335 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
Noteworthy changes in version 2.4.1 (unreleased)
------------------------------------------------
+ * If the ~/.gnupg home directory does not exist, the keyboxd is now
+ automagically enabled.
+
* gpg: New option --add-desig-revoker. [rG3d094e2bcf]
* gpg: New list-option "show-unusable-sigs". Also show
diff --git a/README b/README
index b9bf7805e..84a8bacfd 100644
--- a/README
+++ b/README
@@ -128,6 +128,9 @@
Only public keys and X.509 certificates are managed by the keyboxd;
private keys are still stored as separate files.
+ Since version 2.4.1 the keyboxd will be used by default for a fresh
+ install; i.e. if a ~/.gnupg directory did not yet exist.
+
Note that there is no automatic migration; if the use-keyboxd option
is enabled keys are not taken from pubring.kbx. To migrate existing
keys to the keyboxd do this:
diff --git a/common/comopt.h b/common/comopt.h
index 7947f35b3..2a27fddac 100644
--- a/common/comopt.h
+++ b/common/comopt.h
@@ -35,7 +35,6 @@
/* Common options for all GnuPG components. */
-EXTERN_UNLESS_MAIN_MODULE
struct
{
char *logfile; /* Socket used by daemons for logging. */
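Review bot: Removing EXTERN_UNLESS_MAIN_MODULE leaves a header-scope object declaration without `extern`, which in C is a tentative definition of `comopt` in every translation unit that includes comopt.h (the closing `} comopt;` lies outside the hunk; this is inferred from the commit message). After this commit g10/gpg.c, g10/keydb.c and sm/keydb.c all include the header, so linking depends on the linker merging common symbols, which GCC 10+ and recent Clang no longer do by default (-fno-common) and which then fails with duplicate-definition errors. The robust form keeps `extern` on this declaration (giving the struct a tag so it can be named) and puts exactly one definition in a .c file such as the one that already owns parse_comopt; confirm whether the project's build deliberately passes -fcommon before relying on the current form.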
diff --git a/common/homedir.c b/common/homedir.c
index 67bbde8f1..091964fc1 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -789,8 +789,42 @@ gnupg_maybe_make_homedir (const char *fname, int quiet)
if (gnupg_mkdir (fname, "-rwx"))
log_fatal ( _("can't create directory '%s': %s\n"),
fname, strerror(errno) );
- else if (!quiet )
- log_info ( _("directory '%s' created\n"), fname );
+ else
+ {
+ estream_t fp;
+ char *fcommon;
+
+ if (!quiet )
+ log_info ( _("directory '%s' created\n"), fname );
+
+#ifdef BUILD_WITH_KEYBOXD
+ /* A new default homedir has been created. Now create a
+ * common.conf. */
+ fcommon = make_filename (fname, "common.conf", NULL);
+ fp = es_fopen (fcommon, "wx,mode=-rw-r");
+ if (!fp)
+ {
+ log_info (_("error creating '%s': %s\n"), fcommon,
+ gpg_strerror (gpg_error_from_syserror ()));
+ }
+ else
+ {
+ if (es_fputs ("use-keyboxd\n", fp) == EOF)
+ {
+ log_info (_("error writing to '%s': %s\n"), fcommon,
+ gpg_strerror (es_ferror (fp)
+ ? gpg_error_from_syserror ()
+ : gpg_error (GPG_ERR_EOF)));
+ es_fclose (fp);
+ }
+ else if (es_fclose (fp))
+ {
+ log_info (_("error closing '%s': %s\n"), fcommon,
+ gpg_strerror (gpg_error_from_syserror ()));
+ }
+ }
+#endif /* BUILD_WITH_KEYBOXD */
+ }
}
}
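Review bot: `fcommon` returned by make_filename is never freed on any of the three outcomes in the new else branch, so every fresh-homedir run leaks it; add `xfree (fcommon);` after the es_fclose handling, inside the `#ifdef` (make_filename, unlike make_filename_try, does not return NULL, so no NULL check is needed — verify which variant this tree uses). The `estream_t fp;` and `char *fcommon;` declarations sit outside `#ifdef BUILD_WITH_KEYBOXD`, so a build without the keyboxd gets unused-variable warnings; move them under the `#ifdef`. The `"wx"` open mode is the right choice here: a concurrent first-run instance that already created common.conf makes es_fopen fail instead of truncating the file, so the race between two gpg processes only costs a log_info. gnupg_maybe_make_homedir starts before the hunk.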
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 393267858..b526deeca 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3915,7 +3915,9 @@ current home directory (@pxref{option --homedir}).
@efindex common.conf
This is an optional configuration file read by @command{@gpgname} on
startup. It may contain options pertaining to all components of
- GnuPG. Its current main use is for the "use-keyboxd" option.
+ GnuPG. Its current main use is for the "use-keyboxd" option. If
+ the default home directory @file{~/.gnupg} does not exist, GnuPG creates
+ this directory and a @file{common.conf} file with "use_keyboxd".
@end table
diff --git a/g10/gpg.c b/g10/gpg.c
index 84706ca6b..f52d13a76 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4187,17 +4187,27 @@ main (int argc, char **argv)
* need to add the keyrings if we are running under SELinux, this
* is so that the rings are added to the list of secured files.
* We do not add any keyring if --no-keyring or --use-keyboxd has
- * been used. */
+ * been used. Note that keydb_add_resource may create a new
+ * homedir and also tries to write a common.conf to enable the use
+ * of the keyboxd - in this case a special error code is returned
+ * and use_keyboxd is then also set. */
if (!opt.use_keyboxd
&& default_keyring >= 0
&& (ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
{
+ gpg_error_t tmperr = 0;
+
if (!nrings || default_keyring > 0) /* Add default ring. */
- keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
- KEYDB_RESOURCE_FLAG_DEFAULT);
- for (sl = nrings; sl; sl = sl->next )
- keydb_add_resource (sl->d, sl->flags);
+ tmperr = keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
+ KEYDB_RESOURCE_FLAG_DEFAULT);
+ if (gpg_err_code (tmperr) == GPG_ERR_TRUE && opt.use_keyboxd)
+ ; /* The keyboxd has been enabled. */
+ else
+ {
+ for (sl = nrings; sl; sl = sl->next )
+ keydb_add_resource (sl->d, sl->flags);
+ }
}
FREE_STRLIST(nrings);
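Review bot: When the default ring reports GPG_ERR_TRUE, every resource given with `--keyring` in `nrings` is skipped without a diagnostic: the loop in the new else branch is simply bypassed, so a first run that also passes explicit keyrings registers none of them and the user is not told why. This matches the existing rule that keyrings are not added under --use-keyboxd, but here the user did not request the keyboxd, so a message in that branch, e.g. `log_info (_("keyboxd enabled for new home directory; ignoring --keyring\n"));` (wording constructed), seems warranted. The empty statement `;` carrying the comment is also easy to misread; inverting the test, `if (gpg_err_code (tmperr) != GPG_ERR_TRUE || !opt.use_keyboxd)`, makes the loop the sole body. main continues outside the hunk.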
diff --git a/g10/keydb.c b/g10/keydb.c
index 3938d7e16..d2d085291 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -37,6 +37,7 @@
#include "../kbx/keybox.h"
#include "keydb.h"
#include "../common/i18n.h"
+#include "../common/comopt.h"
#include "keydb-private.h" /* For struct keydb_handle_s */
@@ -265,8 +266,24 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
*last_slash_in_filename = save_slash;
goto leave;
}
+
+ *last_slash_in_filename = save_slash;
+
+ if (!opt.use_keyboxd
+ && !parse_comopt (GNUPG_MODULE_NAME_GPG, 0)
+ && comopt.use_keyboxd)
+ {
+ /* The above try_make_homedir created a new default hoemdir
+ * and also wrote a new common.conf. Thus we now see that
+ * use-keyboxd has been set. Let's set this option and
+ * return a dedicated error code. */
+ opt.use_keyboxd = comopt.use_keyboxd;
+ rc = gpg_error (GPG_ERR_TRUE);
+ goto leave;
+ }
}
- *last_slash_in_filename = save_slash;
+ else
+ *last_slash_in_filename = save_slash;
/* To avoid races with other instances of gpg trying to create or
update the keyring (it is removed during an update for a short
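Review bot: A failure from `parse_comopt` is folded into the `!parse_comopt (GNUPG_MODULE_NAME_GPG, 0)` condition and silently treated as "keyboxd not requested", so the code then falls through and creates a pubring.kbx in a home directory whose freshly written common.conf says `use-keyboxd`, leaving a mixed setup with no message; since the file was written moments earlier by gnupg_maybe_make_homedir, a parse error here is worth surfacing with at least a `log_info ("error parsing common.conf: %s\n", gpg_strerror (err));` before continuing. The comment's "hoemdir" should read "homedir". Both the swallowed error and the typo recur in sm/keydb.c (maybe_create_keybox). maybe_create_keyring_or_box starts before the hunk.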
@@ -555,7 +572,8 @@ keydb_search_desc_dump (struct keydb_search_desc *desc)
* If KEYDB_RESOURCE_FLAG_READONLY is set and the resource is a
* keyring (not a keybox), then the keyring is marked as read only and
* operations just as keyring_insert_keyblock will return
- * GPG_ERR_ACCESS. */
+ * GPG_ERR_ACCESS.
+ */
gpg_error_t
keydb_add_resource (const char *url, unsigned int flags)
{
@@ -774,9 +792,12 @@ keydb_add_resource (const char *url, unsigned int flags)
leave:
if (err)
{
- log_error (_("keyblock resource '%s': %s\n"),
- filename, gpg_strerror (err));
- write_status_error ("add_keyblock_resource", err);
+ if (gpg_err_code (err) != GPG_ERR_TRUE)
+ {
+ log_error (_("keyblock resource '%s': %s\n"),
+ filename, gpg_strerror (err));
+ write_status_error ("add_keyblock_resource", err);
+ }
}
else
any_registered = 1;
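Review bot: GPG_ERR_TRUE now leaves keydb_add_resource as a non-failure signal, yet only the logging is suppressed here: the function still returns non-zero and leaves `any_registered` at 0, so any caller other than the updated `main` in gpg.c that tests `if (err)` will treat a first run as a failed resource registration. The function's header comment (the hunk at `keydb_search_desc_dump` earlier on this page only reflowed it) should document this; something like "Returns GPG_ERR_TRUE, without logging, if a new home directory was created and the keyboxd was enabled through a fresh common.conf; opt.use_keyboxd is set in that case." The same change is made to sm/keydb.c's keydb_add_resource, while the diffstat shows sm/gpgsm.c untouched, so confirm its callers tolerate the new return value. keydb_add_resource starts before the hunk.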
diff --git a/sm/keydb.c b/sm/keydb.c
index fbe28f2b9..a12dba19f 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -33,6 +33,7 @@
#include "keydb.h"
#include "../common/i18n.h"
#include "../common/asshelp.h"
+#include "../common/comopt.h"
#include "../kbx/kbx-client-util.h"
@@ -242,8 +243,23 @@ maybe_create_keybox (char *filename, int force, int *r_created)
*last_slash_in_filename = save_slash;
goto leave;
}
+ *last_slash_in_filename = save_slash;
+
+ if (!opt.use_keyboxd
+ && !parse_comopt (GNUPG_MODULE_NAME_GPG, 0)
+ && comopt.use_keyboxd)
+ {
+ /* The above try_make_homedir created a new default hoemdir
+ * and also wrote a new common.conf. Thus we now see that
+ * use-keyboxd has been set. Let's set this option and
+ * return a dedicated error code. */
+ opt.use_keyboxd = comopt.use_keyboxd;
+ rc = gpg_error (GPG_ERR_TRUE);
+ goto leave;
+ }
}
- *last_slash_in_filename = save_slash;
+ else
+ *last_slash_in_filename = save_slash;
/* To avoid races with other instances of gpg trying to create or
update the keybox (it is removed during an update for a short
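Review bot: gpgsm's maybe_create_keybox calls `parse_comopt (GNUPG_MODULE_NAME_GPG, 0)` with gpg's module id; if parse_comopt uses the id for anything beyond locating common.conf (diagnostics or per-module option selection), GNUPG_MODULE_NAME_GPGSM is the one wanted here — confirm against the parser's use of its first argument. The hunk otherwise shares the silently discarded parse_comopt error and the "hoemdir" typo raised on g10/keydb.c. maybe_create_keybox starts before the hunk.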
@@ -459,9 +475,13 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created)
leave:
if (err)
{
- log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
- gpgsm_status_with_error (ctrl, STATUS_ERROR,
- "add_keyblock_resource", err);
+ if (gpg_err_code (err) != GPG_ERR_TRUE)
+ {
+ log_error ("keyblock resource '%s': %s\n",
+ filename, gpg_strerror (err));
+ gpgsm_status_with_error (ctrl, STATUS_ERROR,
+ "add_keyblock_resource", err);
+ }
}
else
any_registered = 1;