Control: forwarded 1102621 https://dev.gnupg.org/T7603
Control: tags 1102621 + patch

On Fri 2025-04-11 19:27:12 +0200, Andreas Metzler wrote:
> npth was added in
> ce9906b008c94c2aa4ac770a981d1e1e0b8aea47
> gpg: First rough implementation of keyboxd access for key lookup.
>
> and libassuan in aba82684fe14289cf62b4694bc398f3a274b4762
> gpg: New option --use-keyboxd.

Thanks for the sleuthing here, Andreas.  It's definitely useful to know
where these additional dependencies were added. But i don't think gpgv
has any business talking to keyboxd, at least according to its
documentation.

And, in the places where we use gpgv, it would probably be a disaster if
it *did* talk to keyboxd.

It looks like libassuan is present only due to g10/call-keyboxd.c.  I've
reported that upstream as https://dev.gnupg.org/T7603, and the patch
attached here stubs out those calls for gpgv.

I'm now looking into whether the npth dependency is really needed.  it
seems like the only invocations of npth in gpgv are:

 - npth_read
 - npth_sleep
 - npth_usleep

afaict, those are merely collaborative asynchronous wrappers around the
standard POSIX calls, which again seem unnecessary for gpgv.

They appear to have been pulled in from common/sysutils.c when built
with pth, which suggests that we just need to link gpgv against a
non-pth libcommon.   I'll test further and report back.

        --dkg

From 10db0bcdabf13adbbd9ffbb34e3b2b8516455ab3 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: Fri, 11 Apr 2025 16:59:20 -0400
Subject: [PATCH] gpgv: Avoid Assuan dependency

* g10/internal-keydb.c: (new file) stub functions for basic keydb
parsing without talking to keyboxd.
* g10/Makefile.am: gpgv depends on internal-keydb instead of
call-keyboxd

--

This avoids an unnecessary dependency on libassuan in gpgv.  Since
gpgv is targeted toward minimal environments, keeping a reduced set of
dependencies is beneficial.

GnuPG-Bug-Id: T7603
Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net>
---
 g10/Makefile.am      |  11 ++--
 g10/internal-keydb.c | 118 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+), 5 deletions(-)
 create mode 100644 g10/internal-keydb.c

diff --git a/g10/Makefile.am b/g10/Makefile.am
index e8d8e9017..dce8e37b9 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -104,7 +104,6 @@ common_source =  \
 	      expand-group.c	\
 	      keydb.h           \
 	      keydb-private.h   \
-              call-keyboxd.c    \
 	      keydb.c           \
 	      keyring.c keyring.h \
 	      seskey.c		\
@@ -132,6 +131,7 @@ common_source =  \
 
 gpg_sources = server.c          \
 	      $(common_source)	\
+              call-keyboxd.c    \
 	      pkclist.c 	\
 	      skclist.c 	\
 	      pubkey-enc.c	\
@@ -168,6 +168,7 @@ gpg_SOURCES  = gpg.c \
 
 gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
+	      internal-keydb.c  \
 	      verify.c
 
 LDADD =  $(needed_libs) ../common/libgpgrl.a \
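Review bot: Whether this hunk removes the Assuan dependency from the gpgv binary cannot be confirmed from here, because the gpgv link line (gpgv_LDADD) is outside the hunk; if it still lists $(LIBASSUAN_LIBS) the library stays on the link command even with call-keyboxd.c gone from $(common_source). Also, internal-keydb.c defines only five keydb_* entry points, so any other symbol that keydb.c or the rest of $(common_source) previously resolved from call-keyboxd.c would now fail at link time for gpgv; a build of the gpgv target is the quickest way to check that. A short comment next to the new line, `# gpgv must never talk to keyboxd; internal-keydb.c replaces call-keyboxd.c`, would record why the two targets diverge.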
@@ -186,21 +187,21 @@ t_common_ldadd =
 module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter t-keyid
 t_rmd160_SOURCES = t-rmd160.c rmd160.c
 t_rmd160_LDADD = $(t_common_ldadd)
-t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
+t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) call-keyboxd.c
 t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
               $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
-	      $(common_source)
+	      $(common_source) call-keyboxd.c
 t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
               $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
 t_stutter_SOURCES = t-stutter.c test-stubs.c \
-	      $(common_source)
+	      $(common_source) call-keyboxd.c
 t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
 	      $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
-t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source)
+t_keyid_SOURCES = t-keyid.c test-stubs.c $(common_source) call-keyboxd.c
 t_keyid_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
               $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
 	      $(LIBICONV) $(t_common_ldadd)
diff --git a/g10/internal-keydb.c b/g10/internal-keydb.c
new file mode 100644
index 000000000..a7ffeae66
--- /dev/null
+++ b/g10/internal-keydb.c
@@ -0,0 +1,118 @@
+/* internal-keydb.c - Access a keydb directly, without keyboxd
+ * Copyright (C) 2025  g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: GPL-3.0-or-later
+ */
+
+/* This is extracted from call-keyboxd.h with all references to
+ * keyboxd stripped.  The goal is to be able to use it in gpgv, since
+ * that tool never talks to the keybox daemon */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#ifdef HAVE_LOCALE_H
+# include <locale.h>
+#endif
+#include "gpg.h"
+#include "../common/util.h"
+#include "../common/membuf.h"
+#include "options.h"
+#include "../common/i18n.h"
+#include "keydb.h"
+#include "keydb-private.h"  /* For struct keydb_handle_s */
+
+KEYDB_HANDLE
+keydb_new (ctrl_t ctrl)
+{
+  gpg_error_t err;
+  KEYDB_HANDLE hd;
+
+  if (DBG_CLOCK)
+    log_clock ("keydb_new");
+
+  hd = xtrycalloc (1, sizeof *hd);
+  if (!hd)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+
+  err = internal_keydb_init (hd);
+
+ leave:
+  if (err)
+    {
+      int rc;
+      log_error (_("error opening key DB: %s\n"), gpg_strerror (err));
+      xfree (hd);
+      hd = NULL;
+      if (!(rc = gpg_err_code_to_errno (err)))
+        rc = gpg_err_code_to_errno (GPG_ERR_EIO);
+      gpg_err_set_errno (rc);
+    }
+  return hd;
+}
+
+void
+keydb_release (KEYDB_HANDLE hd)
+{
+  if (!hd)
+    return;
+  internal_keydb_deinit (hd);
+  xfree (hd);
+}
+
+gpg_error_t
+keydb_lock (KEYDB_HANDLE hd)
+{
+  return internal_keydb_lock (hd);
+}
+
+gpg_error_t
+keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb)
+{
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+  return internal_keydb_get_keyblock (hd, ret_kb);
+}
+
+gpg_error_t
+keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+              size_t ndesc, size_t *descindex)
+{
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  if (descindex)
+    *descindex = 0; /* Make sure it is always set on return.  */
+
+  return internal_keydb_search (hd, desc, ndesc, descindex);
+}
+
+gpg_error_t
+keydb_search_reset (KEYDB_HANDLE hd)
+{
+  if (!hd)
+    return gpg_error (GPG_ERR_INV_ARG);
+
+  return internal_keydb_search_reset (hd);
+}
-- 
2.47.2
