diff options
| author | Werner Koch <wk@gnupg.org> | 2014-10-09 19:10:32 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2014-10-09 19:10:32 +0200 |
| commit | ec332d58efc50f6508b87fc9f51db68c39cee044 (patch) | |
| tree | e31b3ed8e4b220883af26b9aa42d78e61546f7ef /kbx/keybox-update.c | |
| parent | gpg: Change wording of a migration error message. (diff) | |
| download | gnupg2-ec332d58efc50f6508b87fc9f51db68c39cee044.tar.xz gnupg2-ec332d58efc50f6508b87fc9f51db68c39cee044.zip | |
gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.
* g10/keydb.c (rt_from_file): New. Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.
* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--
The problem was reported by dkg on gnupg-devel (2014-10-07):
I just discovered a new problem, though, which will affect people on
systems that have gpg and gpg2 coinstalled:
0) create a new keyring with gpg2, and use it exclusively with gpg2
for a while.
1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
~/.gnupg/pubring.gpg
2) future runs of gpg2 now only look at pubring.gpg and ignore
pubring.kbx -- the keys you had accumulated in the keybox are no
longer listed in the output of gpg2 --list-keys
Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key. The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1. If that is the case we will use it instead of
the default pubring.gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'kbx/keybox-update.c')
| -rw-r--r-- | kbx/keybox-update.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 6ade9e79c..693b7324a 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -211,18 +211,18 @@ rename_tmp_file (const char *bakfname, const char *tmpfname, -/* Perform insert/delete/update operation. - MODE is one of FILECOPY_INSERT, FILECOPY_DELETE, FILECOPY_UPDATE. -*/ +/* Perform insert/delete/update operation. MODE is one of + FILECOPY_INSERT, FILECOPY_DELETE, FILECOPY_UPDATE. FOR_OPENPGP + indicates that this is called due to an OpenPGP keyblock change. */ static int blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, - int secret, off_t start_offset) + int secret, int for_openpgp, off_t start_offset) { FILE *fp, *newfp; int rc=0; char *bakfname = NULL; char *tmpfname = NULL; - char buffer[4096]; + char buffer[4096]; /* (Must be at least 32 bytes) */ int nread, nbytes; /* Open the source file. Because we do a rename, we have to check the @@ -239,7 +239,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, if (!newfp ) return gpg_error_from_syserror (); - rc = _keybox_write_header_blob (newfp); + rc = _keybox_write_header_blob (newfp, for_openpgp); if (rc) return rc; @@ -275,9 +275,19 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, /* prepare for insert */ if (mode == FILECOPY_INSERT) { - /* Copy everything to the new file. */ + int first_record = 1; + + /* Copy everything to the new file. If this is for OpenPGP, we + make sure that the openpgp flag is set in the header. (We + failsafe the blob type.) */ while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 ) { + if (first_record && for_openpgp && buffer[4] == BLOBTYPE_HEADER) + { + first_record = 0; + buffer[7] |= 0x02; /* OpenPGP data may be available. */ + } + if (fwrite (buffer, nread, 1, newfp) != 1) { rc = gpg_error_from_syserror (); @@ -409,7 +419,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen, _keybox_destroy_openpgp_info (&info); if (!err) { - err = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0); + err = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 1, 0); _keybox_release_blob (blob); /* if (!rc && !hd->secret && kb_offtbl) */ /* { */ @@ -462,7 +472,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen) /* Update the keyblock. */ if (!err) { - err = blob_filecopy (FILECOPY_UPDATE, fname, blob, hd->secret, off); + err = blob_filecopy (FILECOPY_UPDATE, fname, blob, hd->secret, 1, off); _keybox_release_blob (blob); } return err; @@ -495,7 +505,7 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert, rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral); if (!rc) { - rc = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0); + rc = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0, 0); _keybox_release_blob (blob); /* if (!rc && !hd->secret && kb_offtbl) */ /* { */ @@ -743,8 +753,10 @@ keybox_compress (KEYBOX_HANDLE hd) first_blob = 0; if (length > 4 && buffer[4] == BLOBTYPE_HEADER) { - /* Write out the blob with an updated maintenance time stamp. */ - _keybox_update_header_blob (blob); + /* Write out the blob with an updated maintenance time + stamp and if needed (ie. used by gpg) set the openpgp + flag. */ + _keybox_update_header_blob (blob, hd->for_openpgp); rc = _keybox_write_blob (blob, newfp); if (rc) break; @@ -752,7 +764,7 @@ keybox_compress (KEYBOX_HANDLE hd) } /* The header blob is missing. Insert it. */ - rc = _keybox_write_header_blob (newfp); + rc = _keybox_write_header_blob (newfp, hd->for_openpgp); if (rc) break; any_changes = 1; |