2 #+TITLE: A Hacker's Guide to GnuPG
3 #+TEXT: Some notes on GnuPG internals
6 # Note: This might be a copy; the original lives in gnupg/doc/HACKING.
10 The following stuff explains some basic procedures you need to
11 follow if you want to contribute code or documentation.
13 ** No more ChangeLog files
15 Do not modify any of the ChangeLog files in GnuPG. Starting on
16 December 1st, 2011 we put change information only in the GIT commit
17 log, and generate a top-level ChangeLog file from logs at "make dist"
18 time. As such, there are strict requirements on the form of the
19 commit log messages. The old ChangeLog files have all be renamed to
22 ** Commit log requirements
24 Your commit log should always start with a one-line summary, the
25 second line should be blank, and the remaining lines are usually
26 ChangeLog-style entries for all affected files. However, it's fine
27 --- even recommended --- to write a few lines of prose describing the
28 change, when the summary and ChangeLog entries don't give enough of
29 the big picture. Omit the leading TABs that you are seeing in a
30 "real" ChangeLog file, but keep the maximum line length at 72 or
31 smaller, so that the generated ChangeLog lines, each with its leading
32 TAB, will not exceed 80 columns. If you want to add text which shall
33 not be copied to the ChangeLog, separate it by a line consisting of
34 two dashes at the begin of a line.
36 The one-line summary usually starts with a keyword to identify the
37 mainly affected subsystem (that is not the directory). If more than
38 one keyword is required they are delimited by a comma
39 (e.g. =scd,w32:=). Commonly found keywords are
41 - agent :: The gpg-agent component
42 - build :: Changes to the build system
43 - ccid :: The CCID driver in scdaemon
44 - common :: Code in common
45 - dirmngr :: The dirmngr component
46 - doc :: Documentation changes
47 - gpg :: The gpg or gpgv components
48 - sm :: The gpgsm component (also "gpgsm")
49 - gpgscm :: The regression test driver
50 - indent :: Indentation and similar changes
51 - iobuf :: The IOBUF system in common
53 - scd :: The scdaemon component
54 - speedo :: Speedo build system specific changes
55 - ssh :: The ssh-agent part of the agent
56 - tests :: The regressions tests
57 - tools :: Other code in tools
58 - w32 :: Windows related code
59 - wks :: The web key service tools
60 - yat2m :: The yat2m tool.
62 Typo fixes and documentation updates don't need a ChangeLog entry;
63 thus you would use a commit message like
66 doc: Fix typo in a comment
71 The marker line here is important; without it the first line would
72 appear in the ChangeLog.
74 If you exceptionally need to have longer lines in a commit log you may
75 do this after this scissor line:
77 # ------------------------ >8 ------------------------
79 (hash, blank, 24 dashes, blank, scissor, blank, 24 dashes).
80 Note that such a comment will be removed if the git commit option
81 =--cleanup=scissor= is used.
85 GnuPG is licensed under the GPLv3+ with some files under a mixed
86 LGPLv3+/GPLv2+ license. It is thus important, that all contributed
87 code allows for an update of the license; for example we can't
88 accept code under the GPLv2(only).
90 GnuPG used to have a strict policy of requiring copyright
91 assignments to the FSF. To avoid this major organizational overhead
92 and to allow inclusion of code, not copyrighted by the FSF, this
93 policy has been relaxed on 2013-03-29. It is now also possible to
94 contribute code by asserting that the contribution is in accordance
95 to the "Libgcrypt Developer's Certificate of Origin" as found in the
96 file "DCO". (Except for a slight wording change, this DCO is
97 identical to the one used by the Linux kernel.)
99 If you want to contribute code or documentation to GnuPG and you
100 didn't sign a copyright assignment with the FSF in the past, you
101 need to take these simple steps:
103 - Decide which mail address you want to use. Please have your real
104 name in the address and not a pseudonym. Anonymous contributions
105 can only be done if you find a proxy who certifies for you.
107 - If your employer or school might claim ownership of code written
108 by you; you need to talk to them to make sure that you have the
109 right to contribute under the DCO.
111 - Send an OpenPGP signed mail to the gnupg-devel@gnupg.org mailing
112 list from your mail address. Include a copy of the DCO as found
113 in the official master branch. Insert your name and email address
114 into the DCO in the same way you want to use it later. Example:
116 Signed-off-by: Joe R. Hacker <joe@example.org>
118 (If you really need it, you may perform simple transformations of
119 the mail address: Replacing "@" by " at " or "." by " dot ".)
121 - That's it. From now on you only need to add a "Signed-off-by:"
122 line with your name and mail address to the commit message. It is
123 recommended to send the patches using a PGP/MIME signed mail. See
124 below on how to send patches.
128 Please follow the GNU coding standards. If you are in doubt consult
129 the existing code as an example. Do no re-indent code without a
130 need. If you really need to do it, use a separate commit for such a
133 - Only certain C99 features may be used (see below); in general
135 - Please do not use C++ =//= style comments.
136 - Do not use comments like:
139 /* Now that we know that foo is true we can call bar. */
142 instead write the comment on the if line or before it. You may
143 also use a block and put the comment inside.
144 - Please use asterisks on the left of longer comments. This makes
145 it easier to read without syntax highlighting, on printouts, and
147 - Try to fit lines into 80 columns.
148 - Ignore signed/unsigned pointer mismatches
149 - No arithmetic on void pointers; cast to char* first.
154 this is harder to read and modern compilers are pretty good in
155 detecing accidental assignments. It is also suggested not to
156 compare to 0 or NULL but to test the value direct or with a '!';
157 this makes it easier to see that a boolean test is done.
158 - We use our own printf style functions like =es_printf=, and
159 =gpgrt_asprintf= (or the =es_asprintf= macro) which implement most
160 C99 features with the exception of =wchar_t= (which should anyway
161 not be used). Please use them always and do not resort to those
162 provided by libc. The rationale for using them is that we know
163 that the format specifiers work on all platforms and that we do
164 not need to chase platform dependent bugs. Note also that in
165 gnupg asprintf is a macro already evaluating to gpgrt_asprintf.
166 - It is common to have a label named "leave" for a function's
167 cleanup and return code. This helps with freeing memory and is a
168 convenient location to set a breakpoint for debugging.
169 - Always use xfree() instead of free(). If it is not easy to see
170 that the freed variable is not anymore used, explicitly set the
172 - New code shall in general use xtrymalloc or xtrycalloc and check
173 for an error (use gpg_error_from_syserror()).
174 - Init function local variables only if needed so that the compiler
175 can do a better job in detecting uninitialized variables which may
176 indicate a problem with the code.
177 - Never init static or file local variables to 0 to make sure they
179 - Put extra parenthesis around terms with binary operators to make
180 it clear that the binary operator was indeed intended.
181 - Use --enable-maintainer-mode with configure so that all suitable
182 warnings are enabled.
186 Follow the GNU standards. Here are some conventions you may want to
187 stick to (do not rename existing "wrong" uses without a good reason).
189 - err :: This conveys an error code of type =gpg_error_t= which is
190 compatible to an =int=. To compare such a variable to a
191 GPG_ERR_ constant, it is necessary to access the value like
192 this: =gpg_err_code(err)=.
193 - ec :: This is used for a gpg-error code which has no source part
194 (=gpg_err_code_t=) and will eventually be used as input to
196 - rc :: Used for all kind of other errors; for example system
197 calls. The value is not compatible with gpg-error.
200 *** C99 language features
202 In GnuPG 2.x, but *not in 1.4* and not in most libraries, a limited
203 set of C99 features may be used:
206 : #define foo(a,...) bar(a, __VA_ARGS__)
208 - The predefined macro =__func__=:
209 : log_debug ("%s: Problem with foo\n", __func__);
211 Although we usually make use of the =u16=, =u32=, and =u64= types,
212 it is also possible to include =<stdint.h>= and use =int16_t=,
213 =int32_t=, =int64_t=, =uint16_t=, =uint32_t=, and =uint64_t=. But do
214 not use =int8_t= or =uint8_t=.
216 ** Commit log keywords
218 - GnuPG-bug-id :: Values are comma or space delimited bug numbers
219 from bug.gnupg.org pertaining to this commit.
220 - Debian-bug-id :: Same as above but from the Debian bug tracker.
221 - CVE-id :: CVE id number pertaining to this commit.
222 - Regression-due-to :: Commit id of the regression fixed by this commit.
223 - Fixes-commit :: Commit id this commit fixes.
224 - Updates-commit :: Commit id this commit updates.
225 - See-commit :: Commit id of a related commit.
226 - Reported-by :: Value is a name or mail address of a bug reporte.
227 - Suggested-by :: Value is a name or mail address of someone how
228 suggested this change.
229 - Co-authored-by :: Name or mail address of a co-author
230 - Some-comments-by :: Name or mail address of the author of
231 additional comments (commit log or code).
232 - Proofread-by :: Sometimes used by translation commits.
233 - Signed-off-by :: Name or mail address of the developer.
234 - Backported-from-master :: Value is the commit id of the original patch.
235 - Ported-from-stable :: Value is the commit id of the original patch.
238 Submitting patches, and subsequent discussions around them,
239 happens via the gnupg-devel@gnupg.org public mailing list.
241 Send your patches to that list, preferably PGP/MIME signed. Make sure
242 to include a mention of 'gnupg' (or gpgme, libassuan, etc) in the
243 subject line; the list is used for several different projects.
245 In general you should send patches only for the master branch; we may
246 later decide to backport to another branch. Please ask first before
247 sending pacthes for another branch.
249 If you're working from the Git repo, here's a suggested workflow:
251 - Configure git send-email defaults:
253 : git config format.subjectPrefix 'PATCH gnupg'
254 : git config sendemail.to gnupg-devel@gnupg.org
256 (For other sub-projects adjust accordingly)
260 - Commit your changes; group changes into easily-reviewable commit
261 units, feel free to submit several patches at once.
263 e.g. if you want to submit a single patch on top of master, do:
264 : git send-email --annotate -1
266 e.g. if you have two commits on top of master, do:
267 : git send-email --annotate --cover-letter -2
269 (that prompts you for a summary mail to precede your actual patch
272 - use Git's --dry-run option to test your setup
276 ** How to build an installer for Windows
278 Your best bet is to use a decent Debian System for development.
279 You need to install a long list of tools for building. This list
280 still needs to be compiled. However, the build process will stop
281 if a tool is missing. GNU make is required (on non GNU systems
282 often installed as "gmake"). The installer requires a couple of
283 extra software to be available either as tarballs or as local git
284 repositories. In case this file here is part of a gnupg-w32-2.*.xz
285 complete tarball as distributed from the same place as a binary
286 installer, all such tarballs are already included.
288 Cd to the GnuPG source directory and use one of one of these
291 - If sources are included (gnupg-w32-*.tar.xz)
293 make -f build-aux/speedo.mk WHAT=this installer
295 - To build from tarballs
297 make -f build-aux/speedo.mk WHAT=release TARBALLS=TARDIR installer
299 - To build from local GIT repos
301 make -f build-aux/speedo.mk WHAT=git TARBALLS=TARDIR installer
303 Note that also you need to supply tarballs with supporting
304 libraries even if you build from git. The makefile expects only
305 the core GnuPG software to be available as local GIT repositories.
306 speedo.mk has the versions of the tarballs and the branch names of
307 the git repositories. In case of problems, don't hesitate to ask
308 on the gnupg-devel mailing for help.
312 See the manual for some hints.
314 * Various information
318 - ./ :: Readme, configure
319 - ./agent :: Gpg-agent and related tools
320 - ./doc :: Documentation
321 - ./g10 :: Gpg program here called gpg2
322 - ./sm :: Gpgsm program
323 - ./jnlib :: Not used (formerly used utility functions)
324 - ./common :: Utility functions
325 - ./kbx :: Keybox library
326 - ./scd :: Smartcard daemon
327 - ./scripts :: Scripts needed by configure and others
328 - ./dirmngr :: The directory manager
332 This list of files is not up to date!
334 - g10/gpg.c :: Main module with option parsing and all the stuff you
335 have to do on startup. Also has the exit handler and
336 some helper functions.
338 - g10/parse-packet.c ::
339 - g10/build-packet.c ::
340 - g10/free-packet.c :: Parsing and creating of OpenPGP message packets.
342 - g10/getkey.c :: Key selection code
343 - g10/pkclist.c :: Build a list of public keys
344 - g10/skclist.c :: Build a list of secret keys
345 - g10/keyring.c :: Keyring access functions
348 - g10/keyid.c :: Helper functions to get the keyid, fingerprint etc.
350 - g10/trustdb.c :: Web-of-Trust computations
352 - g10/tdbdump.c :: Export/import/list the trustdb.gpg
353 - g10/tdbio.c :: I/O handling for the trustdb.gpg
356 - g10/compress.c :: Filter to handle compression
357 - g10/filter.h :: Declarations for all filter functions
358 - g10/delkey.c :: Delete a key
359 - g10/kbnode.c :: Helper for the kbnode_t linked list
360 - g10/main.h :: Prototypes and some constants
361 - g10/mainproc.c :: Message processing
362 - g10/armor.c :: Ascii armor filter
363 - g10/mdfilter.c :: Filter to calculate hashes
364 - g10/textfilter.c :: Filter to handle CR/LF and trailing white space
365 - g10/cipher.c :: En-/Decryption filter
366 - g10/misc.c :: Utility functions
367 - g10/options.h :: Structure with all the command line options
368 and related constants
369 - g10/openfile.c :: Create/Open Files
370 - g10/keyserver.h :: Keyserver access dispatcher.
371 - g10/packet.h :: Definition of OpenPGP structures.
372 - g10/passphrase.c :: Passphrase handling code
374 - g10/pubkey-enc.c :: Process a public key encoded packet.
375 - g10/seckey-cert.c :: Not anymore used
376 - g10/seskey.c :: Make session keys etc.
377 - g10/import.c :: Import keys into our key storage.
378 - g10/export.c :: Export keys to the OpenPGP format.
379 - g10/sign.c :: Create signature and optionally encrypt.
380 - g10/plaintext.c :: Process plaintext packets.
381 - g10/decrypt-data.c :: Decrypt an encrypted data packet
382 - g10/encrypt.c :: Main encryption driver
383 - g10/revoke.c :: Create recovation certificates.
384 - g10/keylist.c :: Print information about OpenPGP keys
385 - g10/sig-check.c :: Check a signature
386 - g10/helptext.c :: Show online help texts
387 - g10/verify.c :: Verify signed data.
388 - g10/decrypt.c :: Decrypt and verify data.
389 - g10/keyedit.c :: Edit properties of a key.
390 - g10/dearmor.c :: Armor utility.
391 - g10/keygen.c :: Generate a key pair
395 Use only the functions:
412 The *secure versions allocate memory in the secure memory. That is,
413 swapping out of this memory is avoided and is gets overwritten on
414 free. Use this for passphrases, session keys and other sensitive
415 material. This memory set aside for secure memory is linited to a few
416 k. In general the function don't print a memory message and
417 terminate the process if there is not enough memory available. The
418 "try" versions of the functions return NULL instead.
426 GnuPG does not use getopt or GNU getopt but functions of it's own.
427 See util/argparse.c for details. The advantage of these functions is
428 that it is more easy to display and maintain the help texts for the
429 options. The same option table is also used to parse resource files.
433 This is the data structure used for most I/O of gnupg. It is similar
434 to System V Streams but much simpler. Because OpenPGP messages are
435 nested in different ways; the use of such a system has big advantages.
436 Here is an example, how it works: If the parser sees a packet header
437 with a partial length, it pushes the block_filter onto the IOBUF to
438 handle these partial length packets: from now on you don't have to
439 worry about this. When it sees a compressed packet it pushes the
440 uncompress filter and the next read byte is one which has already been
441 uncompressed by this filter. Same goes for enciphered packet,
442 plaintext packets and so on. The file g10/encode.c might be a good
443 starting point to see how it is used - actually this is the other way:
444 constructing messages using pushed filters but it may be easier to
projects / platform / upstream / gpg2.git / blob