authorSam Varshavchik2016-11-27 11:58:51 -0500
committerSam Varshavchik2016-11-27 11:58:51 -0500
commite21842e21535133d86f4c304e445e6d69f029ab5 (patch)
tree14d6af1c94c0417817c77e3cf6c08ddf8f58e06a /gpglib
parent22aa61750562f69db443f93518080cd1b5d923ea (diff)
downloadcourier-libs-e21842e21535133d86f4c304e445e6d69f029ab5.tar.bz2
gpglib: fixes for gpg2.
Add --with-gpg2 compiler option, to prefer gpg2 instead of gpg. When compiled against gpg2, --pinentry-mode local must be given, for certain operations. Implement libmail_gpg_makepassphrasepipe(), to help apps pass passphrases via pipes. Removes obsolete 'trust level' parameter from libmail_gpg_signkey().
Diffstat (limited to 'gpglib')
-rw-r--r--gpglib/configure.ac59
-rw-r--r--gpglib/delete.c9
-rw-r--r--gpglib/genkey.c5
-rw-r--r--gpglib/gpglib.h12
-rw-r--r--gpglib/mimegpgfork.c14
-rw-r--r--gpglib/sign.c62
-rw-r--r--gpglib/testgpg.c2
7 files changed, 104 insertions, 59 deletions
diff --git a/gpglib/configure.ac b/gpglib/configure.ac
index 2b94cc4..e904831 100644
--- a/gpglib/configure.ac
+++ b/gpglib/configure.ac
@@ -22,7 +22,21 @@ AC_PROG_CC
AC_LIBTOOL_DLOPEN
AM_PROG_LIBTOOL
AC_PROG_LN_S
-AC_PATH_PROGS(GPG, gpg gpg2, /usr/bin/gpg, $LPATH)
+AC_ARG_WITH(gpg2,[ --with-gpg2 Use gpg2 instead of gpg ], [gpg2_option="$withval"], [gpg2_option=])
+
+case "$gpg2_option" in
+y*|Y*)
+ AC_PATH_PROGS(GPG, gpg2 gpg, /usr/bin/gpg2, $LPATH)
+ ;;
+*)
+ AC_PATH_PROGS(GPG, gpg gpg2, /usr/bin/gpg, $LPATH)
+ ;;
+esac
+if test ! -x "$GPG"
+then
+ AC_MSG_ERROR($GPG not found)
+ exit 1
+fi
AC_PATH_PROGS(PERL, perl5 perl, perl, $LPATH)
if test "$PERL" = "perl"
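Review bot: The `case` on `$gpg2_option` only recognises values starting with `y`/`Y`, so `--with-gpg2=/some/path/gpg2` silently falls into the default branch and configure picks whichever `gpg` is first on `$LPATH`. Either document in the help string that the option is a yes/no switch, or handle a path value explicitly, so that the binary the builder asked for is the one compiled in. The `exit 1` after `AC_MSG_ERROR` is never reached, since that macro already aborts configure, and the message argument is better quoted as `AC_MSG_ERROR([$GPG not found])`.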
@@ -52,34 +66,6 @@ unset GNUPGHOME
AC_DEFINE_UNQUOTED(GPG_CHARSET,"$ac_cv_gpg_charset",
[ Default gpg output character set ])
-VERSION="`$GPG --version | sed '2,$d;s/.* //'`"
-
-if test "$VERSION" = ""
-then
- AC_MSG_WARN(Unable to determine gpg version)
-else
- has_cert_check_level=1
-
- case $VERSION in
- 1.0.4)
- has_cert_check_level=0
- ;;
- 1.0.5)
- has_cert_check_level=0
- ;;
- 1.0.6)
- has_cert_check_level=0
- ;;
- esac
-
-fi
-
-if test "$has_cert_check_level" = 1
-then
- AC_DEFINE_UNQUOTED(GPG_HAS_CERT_CHECK_LEVEL,1,
- [ Whether gpg --sign-key asks for certificate trust level ])
-fi
-
rm -rf conftempdir
mkdir conftempdir
@@ -91,6 +77,21 @@ fi
rm -rf conftempdir
+AC_CACHE_CHECK( [for --pinentry-mode option], ac_cv_gpg_pinentry_mode, [
+
+if $GPG --list-keys --pinentry-mode loopback >/dev/null 2>&1
+then
+ ac_cv_gpg_pinentry_mode="yes"
+else
+ ac_cv_gpg_pinentry_mode="no"
+fi
+])
+
+if test "$ac_cv_gpg_pinentry_mode" = "yes"
+then
+ AC_DEFINE_UNQUOTED(GPG_REQUIRES_PINENTRY_MODE_OPTION,1,
+ [ Whether --pinentry-mode flag is required for gpg ])
+fi
dnl Checks for libraries.
dnl Checks for header files.
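Review bot: The `--pinentry-mode` probe runs `$GPG --list-keys` after `conftempdir` has been removed and, judging by the `unset GNUPGHOME` in the earlier hunk header, without a private home directory, so it appears to operate on the building user's real keyring. A failure unrelated to the option (for example an unwritable home in a build sandbox) is then cached as `no`, and the library is built without the loopback arguments. Consider running the probe against a scratch directory with `--homedir` before that directory is deleted. The define is named `GPG_REQUIRES_PINENTRY_MODE_OPTION`, but the test only establishes that the option is accepted by the build-time binary; a comment saying so would help whoever later swaps the installed gpg.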
diff --git a/gpglib/delete.c b/gpglib/delete.c
index 596f885..7dbdb81 100644
--- a/gpglib/delete.c
+++ b/gpglib/delete.c
@@ -1,5 +1,5 @@
/*
-** Copyright 2001-2003 Double Precision, Inc. See COPYING for
+** Copyright 2001-2016 Double Precision, Inc. See COPYING for
** distribution information.
*/
@@ -34,7 +34,7 @@ int libmail_gpg_deletekey(const char *gpgdir, int secret,
int (*dump_func)(const char *, size_t, void *),
void *voidarg)
{
- char *argvec[8];
+ char *argvec[9];
int rc;
argvec[0]="gpg";
@@ -43,8 +43,9 @@ int libmail_gpg_deletekey(const char *gpgdir, int secret,
argvec[3]= secret ? "--delete-secret-key":"--delete-key";
argvec[4]="-q";
argvec[5]="--no-tty";
- argvec[6]=(char *)fingerprint;
- argvec[7]=0;
+ argvec[6]="--yes";
+ argvec[7]=(char *)fingerprint;
+ argvec[8]=0;
if (libmail_gpg_fork(&libmail_gpg_stdin, &libmail_gpg_stdout, NULL,
gpgdir, argvec) < 0)
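Review bot: The fingerprint is still passed as a bare positional argument in `argvec[7]`, now next to `--yes`, which answers gpg's confirmation prompts automatically. If the fingerprint can ever come from user-supplied data (the callers are outside this diff), a value beginning with `-` would be parsed as an option rather than a key id. Consider validating it as hexadecimal before the call, or ending option parsing first with `argvec[7]="--";` and growing `argvec` to 10 entries. The array size in the previous hunk and the indices here are hand-counted, so a comment noting that the size must match the last index plus one would guard the next edit. The function body continues outside this hunk.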
diff --git a/gpglib/genkey.c b/gpglib/genkey.c
index 15f7822..a6910ed 100644
--- a/gpglib/genkey.c
+++ b/gpglib/genkey.c
@@ -139,6 +139,7 @@ static char *mkcmdbuf(const char *name, const char *addr, const char *comment,
const char *passphrase)
{
static const char genkey_cmd[]=
+ "%s"
"Key-Type: DSA\n"
"Key-Length: %s\n"
"Subkey-Type: ELG-E\n"
@@ -189,7 +190,9 @@ static char *mkcmdbuf(const char *name, const char *addr, const char *comment,
while (*comment == ' ' || *comment == '\t')
++comment;
- sprintf(p, genkey_cmd, skl_buf, kl_buf,
+ sprintf(p, genkey_cmd,
+ *passphrase ? "":"%no-protection\n",
+ skl_buf, kl_buf,
*name ? namereal1:"",
name,
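Review bot: The new leading `%s` in `genkey_cmd` can expand to the 15-byte `%no-protection\n` directive, but the buffer `p` that `sprintf` fills is sized outside this hunk. If that size is derived from the length of the format string plus the argument lengths, the two-character `%s` under-counts the expansion; please confirm the allocation covers it, or use `snprintf` with the allocated size and check the result. Because an empty passphrase now silently produces an unprotected secret key, a comment such as `/* empty passphrase: gpg2 needs %no-protection to create an unprotected key */` at the argument would make that choice visible.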
diff --git a/gpglib/gpglib.h b/gpglib/gpglib.h
index 784f9b8..58ffafd 100644
--- a/gpglib/gpglib.h
+++ b/gpglib/gpglib.h
@@ -1,7 +1,7 @@
#ifndef gpglib_h
#define gpglib_h
/*
-** Copyright 2001-2008 Double Precision, Inc. See COPYING for
+** Copyright 2001-2016 Double Precision, Inc. See COPYING for
** distribution information.
*/
@@ -150,9 +150,17 @@ int libmail_gpg_deletekey(const char *gpgdir, int secret, const char *fingerprin
int libmail_gpg_signkey(const char *gpgdir, const char *signthis, const char *signwith,
int passphrase_fd,
int (*dump_func)(const char *, size_t, void *),
- int trustlevel,
void *voidarg);
+int libmail_gpg_makepassphrasepipe(const char *passphrase,
+ size_t passphrase_size);
+ /*
+ ** Create a pipe and fork, the child process writes the passphrase
+ ** to the pipe and exits.
+ **
+ ** Returns the read end of the pipe.
+ */
+
int libmail_gpg_checksign(const char *gpgdir,
const char *content, /* Filename, for now */
const char *signature, /* Filename, for now */
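Review bot: The comment on `libmail_gpg_makepassphrasepipe()` leaves out the failure value and the ownership of the descriptor, both of which callers need. Suggested wording for the last line: `** Returns the read end of the pipe, or -1 if pipe() or fork() fails. The caller must close the returned descriptor.` It is also worth stating that the passphrase is copied into a forked child, so the caller's own copy still has to be wiped separately. Removing `trustlevel` from `libmail_gpg_signkey()` changes the exported signature, so out-of-tree callers built against the old header will need updating.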
diff --git a/gpglib/mimegpgfork.c b/gpglib/mimegpgfork.c
index d1b849c..18d1cd8 100644
--- a/gpglib/mimegpgfork.c
+++ b/gpglib/mimegpgfork.c
@@ -96,7 +96,7 @@ static int libmail_gpgmime_fork(const char *gpgdir,
close(pipes[n][1]);
}
- newargv=malloc( (xargc + argc + 5) * sizeof(char *));
+ newargv=malloc( (xargc + argc + 7) * sizeof(char *));
if (!newargv)
{
perror("malloc");
@@ -107,17 +107,13 @@ static int libmail_gpgmime_fork(const char *gpgdir,
newargv[i++]="gpg";
if (passphrase_fd)
{
- int n=atoi(passphrase_fd);
-
- if (lseek(n, 0L, SEEK_SET) < 0)
- {
- perror("passphrase-fd: seek");
- _exit(1);
- }
-
newargv[i++]="--batch";
newargv[i++]="--passphrase-fd";
newargv[i++]=(char *)passphrase_fd;
+#if GPG_REQUIRES_PINENTRY_MODE_OPTION
+ newargv[i++]="--pinentry-mode";
+ newargv[i++]="loopback";
+#endif
}
for (n=0; n<xargc; n++)
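Review bot: Dropping the `lseek()` rewind means a caller that hands the same regular-file descriptor to more than one gpg invocation will now give the later runs an already-consumed descriptor, which gpg reads as an empty passphrase. The removal is presumably needed because pipes from `libmail_gpg_makepassphrasepipe()` cannot seek; keeping the rewind while tolerating that case covers both, e.g. `if (lseek(n, 0L, SEEK_SET) < 0 && errno != ESPIPE)` (this needs `<errno.h>` if the file does not already include it). A short comment above the `--passphrase-fd` lines saying whether the descriptor is rewound or single-use would record the contract. The function starts and ends outside this hunk.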
diff --git a/gpglib/sign.c b/gpglib/sign.c
index 37438cd..a713eaf 100644
--- a/gpglib/sign.c
+++ b/gpglib/sign.c
@@ -13,6 +13,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
+#include <sys/wait.h>
#if HAVE_FCNTL_H
#include <fcntl.h>
#endif
@@ -36,10 +37,9 @@ static int dosignkey(int (*)(const char *, size_t, void *),
int libmail_gpg_signkey(const char *gpgdir, const char *signthis, const char *signwith,
int passphrase_fd,
int (*dump_func)(const char *, size_t, void *),
- int trust_level,
void *voidarg)
{
- char *argvec[12];
+ char *argvec[14];
int rc;
char passphrase_fd_buf[NUMBUFSIZE];
int i;
@@ -57,6 +57,10 @@ int libmail_gpg_signkey(const char *gpgdir, const char *signthis, const char *si
{
GPGARGV_PASSPHRASE_FD(argvec, i, passphrase_fd,
passphrase_fd_buf);
+#if GPG_REQUIRES_PINENTRY_MODE_OPTION
+ argvec[i++]="--pinentry-mode";
+ argvec[i++]="loopback";
+#endif
}
argvec[i++]="--sign-key";
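Review bot: The `#if GPG_REQUIRES_PINENTRY_MODE_OPTION` block is repeated by hand after `GPGARGV_PASSPHRASE_FD` here and written out again in mimegpgfork.c, so any other user of that macro outside this diff would pass `--passphrase-fd` without the loopback option. Folding the two arguments into the macro itself (its definition is not visible here) would keep every call site consistent. If the block stays inline, a comment such as `/* gpg2 only honours --passphrase-fd in loopback pinentry mode */` would explain why the pair must stay together, and the hand-counted `argvec[14]` in the previous hunk should be re-checked against the longest argument list.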
@@ -71,18 +75,7 @@ int libmail_gpg_signkey(const char *gpgdir, const char *signthis, const char *si
char cmdstr[10];
-#if GPG_HAS_CERT_CHECK_LEVEL
-
- cmdstr[0]='0';
-
- if (trust_level > 0 && trust_level <= 9)
- cmdstr[0]='0' + trust_level;
-
- strcpy(cmdstr+1, "\nY\n");
-
-#else
strcpy(cmdstr, "Y\n");
-#endif
rc=dosignkey(dump_func, cmdstr, voidarg);
rc2=libmail_gpg_cleanup();
@@ -107,3 +100,46 @@ static int dosignkey(int (*dump_func)(const char *, size_t, void *),
rc=rc2;
return (rc);
}
+
+int libmail_gpg_makepassphrasepipe(const char *passphrase,
+ size_t passphrase_size)
+{
+ int pfd[2];
+ pid_t p;
+
+ if (pipe(pfd) < 0)
+ return -1;
+
+ p=fork();
+
+ if (p < 0)
+ {
+ close(pfd[0]);
+ close(pfd[1]);
+ return -1;
+ }
+
+ if (p == 0)
+ {
+ p=fork();
+
+ if (p)
+ _exit(0);
+
+ close(pfd[0]);
+
+ while (passphrase_size)
+ {
+ ssize_t n=write(pfd[1], passphrase, passphrase_size);
+
+ if (n < 0)
+ break;
+ passphrase += n;
+ passphrase_size -= n;
+ }
+ _exit(0);
+ }
+ waitpid(p, NULL, 0);
+ close(pfd[1]);
+ return(pfd[0]);
+}
diff --git a/gpglib/testgpg.c b/gpglib/testgpg.c
index bc0c5a9..a2178c0 100644
--- a/gpglib/testgpg.c
+++ b/gpglib/testgpg.c
@@ -82,7 +82,7 @@ static int delkey(const char *d, const char *f, int flag)
static int signkey(const char *d, const char *signthis, const char *signwith)
{
- return (libmail_gpg_signkey(d, signthis, signwith, -1, dump_stdout, 0, NULL));
+ return (libmail_gpg_signkey(d, signthis, signwith, -1, dump_stdout, NULL));
}
static int checksign(const char *d, const char *stuff, const char *sig)