Control: forwarded 1102621 https://dev.gnupg.org/T7603
Control: tags 1102621 + patch

On Fri 2025-04-11 19:27:12 +0200, Andreas Metzler wrote:
> npth was added in
> ce9906b008c94c2aa4ac770a981d1e1e0b8aea47
> gpg: First rough implementation of keyboxd access for key lookup.
>
> and libassuan in aba82684fe14289cf62b4694bc398f3a274b4762
> gpg: New option --use-keyboxd.

Thanks for the sleuthing here, Andreas. It's definitely useful to know where these additional dependencies were added.

But i don't think gpgv has any business talking to keyboxd, at least according to its documentation. And, in the places where we use gpgv, it would probably be a disaster if it *did* talk to keyboxd.

It looks like libassuan is present only due to g10/call-keyboxd.c. I've reported that upstream as https://dev.gnupg.org/T7603, and the patch attached here stubs out those calls for gpgv.

I'm now looking into whether the npth dependency is really needed. it seems like the only invocations of npth in gpgv are:

- npth_read
- npth_sleep
- npth_usleep

afaict, those are merely collaborative asynchronous wrappers around the standard POSIX calls, which again seem unnecessary for gpgv. They appear to have been pulled in from common/sysutils.c when built with pth, which suggests that we just need to link gpgv against a non-pth libcommon.

I'll test further and report back.

--dkg

From 10db0bcdabf13adbbd9ffbb34e3b2b8516455ab3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor <d...@fifthhorseman.net> Date: Fri, 11 Apr 2025 16:59:20 -0400 Subject: [PATCH] gpgv: Avoid Assuan dependency * g10/internal-keydb.c: (new file) stub functions for basic keydb parsing without talking to keyboxd. * g10/Makefile.am: gpgv depend on internal-keydb instead of call-keyboxd -- This avoids an unnecessary dependency on libassuan in gpgv. Since gpgv is targeted toward minimal environments, keeping a reduced set of dependencies is beneficial. GnuPG-Bug-Id: T7603 Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net> --- g10/Makefile.am | 11 ++-- g10/internal-keydb.c | 118 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 5 deletions(-) create mode 100644 g10/internal-keydb.c diff --git a/g10/Makefile.am b/g10/Makefile.am index e8d8e9017..dce8e37b9 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -104,7 +104,6 @@ common_source = \ expand-group.c \ keydb.h \ keydb-private.h \ - call-keyboxd.c \ keydb.c \ keyring.c keyring.h \ seskey.c \ @@ -132,6 +131,7 @@ common_source = \ gpg_sources = server.c \ $(common_source) \ + call-keyboxd.c \ pkclist.c \ skclist.c \ pubkey-enc.c \ @@ -168,6 +168,7 @@ gpg_SOURCES = gpg.c \ gpgv_SOURCES = gpgv.c \ $(common_source) \ + internal-keydb.c \ verify.c LDADD = $(needed_libs) ../common/libgpgrl.a \ 
@@ -186,21 +187,21 @@ t_common_ldadd = module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter t-keyid t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_LDADD = $(t_common_ldadd) -t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) +t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) call-keyboxd.c t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(t_common_ldadd) t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ - $(common_source) + $(common_source) call-keyboxd.c t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(t_common_ldadd) t_stutter_SOURCES = t-stutter.c test-stubs.c \ - $(common_source) + $(common_source) call-keyboxd.c t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(t_common_ldadd) -t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source) +t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source) call-keyboxd.c t_keyid_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ $(LIBICONV) $(t_common_ldadd) diff --git a/g10/internal-keydb.c b/g10/internal-keydb.c new file mode 100644 index 000000000..a7ffeae66 --- /dev/null +++ b/g10/internal-keydb.c 
@@ -0,0 +1,118 @@ +/* internal-keydb.c - Access a keydb directly, without keyboxd + * Copyright (C) 2025 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + * SPDX-License-Identifier: GPL-3.0-or-later + */ + +/* This is extracted from call-keyboxd.h with all references to + * keyboxd stripped. The goal is to be able to use it in gpgv, since + * that tool never talks to the keybox daemon */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <time.h> +#ifdef HAVE_LOCALE_H +# include <locale.h> +#endif +#include "gpg.h" +#include "../common/util.h" +#include "../common/membuf.h" +#include "options.h" +#include "../common/i18n.h" +#include "keydb.h" +#include "keydb-private.h" /* For struct keydb_handle_s */ + +KEYDB_HANDLE +keydb_new (ctrl_t ctrl) +{ + gpg_error_t err; + KEYDB_HANDLE hd; + + if (DBG_CLOCK) + log_clock ("keydb_new"); + + hd = xtrycalloc (1, sizeof *hd); + if (!hd) + { + err = gpg_error_from_syserror (); + goto leave; + } + + err = internal_keydb_init (hd); + + leave: + if (err) + { + int rc; + log_error (_("error opening key DB: %s\n"), gpg_strerror (err)); + xfree (hd); + hd = NULL; + if (!(rc = gpg_err_code_to_errno (err))) + rc = gpg_err_code_to_errno (GPG_ERR_EIO); + gpg_err_set_errno (rc); + } + return hd; +} + +void 
+keydb_release (KEYDB_HANDLE hd) +{ + if (!hd) + return; + internal_keydb_deinit (hd); + xfree (hd); +} + +gpg_error_t +keydb_lock (KEYDB_HANDLE hd) +{ + return internal_keydb_lock (hd); +} + +gpg_error_t +keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb) +{ + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + return internal_keydb_get_keyblock (hd, ret_kb); +} + +gpg_error_t +keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex) +{ + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + if (descindex) + *descindex = 0; /* Make sure it is always set on return. */ + + return internal_keydb_search (hd, desc, ndesc, descindex); +} + +gpg_error_t +keydb_search_reset (KEYDB_HANDLE hd) +{ + if (!hd) + return gpg_error (GPG_ERR_INV_ARG); + + return internal_keydb_search_reset (hd); +} -- 2.47.2
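
Review bot: in the gpgv_SOURCES hunk of g10/Makefile.am only the source list changes, and no hunk in this patch touches the libraries gpgv is linked with. If gpgv's link line still names $(LIBASSUAN_LIBS), as the t_*_LDADD lines shown in the next hunk do, the binary can keep a runtime dependency on libassuan even with call-keyboxd.c gone, depending on linker flags. Suggest dropping $(LIBASSUAN_LIBS) from gpgv's link libraries in the same patch, so that any stray Assuan reference fails at link time instead of being silently satisfied.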
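
Review bot: the commit message describes the g10/Makefile.am change only as "gpgv depend on internal-keydb instead of call-keyboxd", but the last Makefile.am hunk also appends call-keyboxd.c to t_keydb_SOURCES, t_keydb_get_keyblock_SOURCES, t_stutter_SOURCES and t_keyid_SOURCES, and an earlier hunk moves it into gpg_sources. Mention those targets in the changelog entry, and consider a single variable for "$(common_source) call-keyboxd.c" so the four test source lists cannot drift apart.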
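
Review bot: keydb_lock in the new g10/internal-keydb.c passes hd straight to internal_keydb_lock without a NULL check, while keydb_get_keyblock, keydb_search and keydb_search_reset in the same file all return gpg_error (GPG_ERR_INV_ARG) when hd is NULL. Add the same "if (!hd)" guard to keydb_lock, or state in a comment why it is not needed there. The file's header comment also says the code is extracted from call-keyboxd.h, whereas the file this patch removes from common_source is call-keyboxd.c; the comment should name the file the functions were actually taken from.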