mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: New list-option --show-unusable-sigs.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
This commit is contained in:
parent
8b8a8b246c
commit
103acfe9ca
8
NEWS
8
NEWS
@ -1,10 +1,16 @@
|
|||||||
Noteworthy changes in version 2.4.1 (unreleased)
|
Noteworthy changes in version 2.4.1 (unreleased)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
* gpg: Make "--list-options show-sig-subpackets" work again.
|
* gpg: New list-option "show-unusable-sigs".
|
||||||
|
|
||||||
|
* gpg: Show "[self-signature]" instead of the user-id in key
|
||||||
|
signature listings.
|
||||||
|
|
||||||
|
* gpg: Make list-options "show-sig-subpackets" work again.
|
||||||
Fixes regression in 2.4.0.
|
Fixes regression in 2.4.0.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 2.4.0 (2022-12-16)
|
Noteworthy changes in version 2.4.0 (2022-12-16)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
|
@ -1405,6 +1405,10 @@ give the opposite meaning. The options are:
|
|||||||
@opindex list-options:show-unusable-subkeys
|
@opindex list-options:show-unusable-subkeys
|
||||||
Show revoked and expired subkeys in key listings. Defaults to no.
|
Show revoked and expired subkeys in key listings. Defaults to no.
|
||||||
|
|
||||||
|
@item show-unusable-sigs
|
||||||
|
@opindex list-options:show-unusable-sigs
|
||||||
|
Show key signature made using weak or unsupported algorithms.
|
||||||
|
|
||||||
@item show-keyring
|
@item show-keyring
|
||||||
@opindex list-options:show-keyring
|
@opindex list-options:show-keyring
|
||||||
Display the keyring name at the head of key listings to show which
|
Display the keyring name at the head of key listings to show which
|
||||||
|
@ -3247,7 +3247,7 @@ buf_to_sig (const byte * buf, size_t len)
|
|||||||
* has_expired
|
* has_expired
|
||||||
* expired_date
|
* expired_date
|
||||||
*
|
*
|
||||||
* On this subkey's most revent valid self-signed packet, the
|
* On this subkey's most recent valid self-signed packet, the
|
||||||
* following field is set:
|
* following field is set:
|
||||||
*
|
*
|
||||||
* flags.chosen_selfsig
|
* flags.chosen_selfsig
|
||||||
|
@ -2071,6 +2071,8 @@ parse_list_options(char *str)
|
|||||||
N_("show revoked and expired user IDs in key listings")},
|
N_("show revoked and expired user IDs in key listings")},
|
||||||
{"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
|
{"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
|
||||||
N_("show revoked and expired subkeys in key listings")},
|
N_("show revoked and expired subkeys in key listings")},
|
||||||
|
{"show-unusable-sigs",LIST_SHOW_UNUSABLE_SIGS,NULL,
|
||||||
|
N_("show signatures with invalid algorithms during signature listings")},
|
||||||
{"show-keyring",LIST_SHOW_KEYRING,NULL,
|
{"show-keyring",LIST_SHOW_KEYRING,NULL,
|
||||||
N_("show the keyring name in key listings")},
|
N_("show the keyring name in key listings")},
|
||||||
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
|
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
|
||||||
|
@ -511,11 +511,18 @@ keyid_cmp (const u32 *a, const u32 *b)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return true if both keyids are equal. */
|
||||||
|
static int GPGRT_ATTR_UNUSED
|
||||||
|
keyid_eq (const u32 *a, const u32 *b)
|
||||||
|
{
|
||||||
|
return a[0] == b[0] && a[1] == b[1];
|
||||||
|
}
|
||||||
|
|
||||||
/* Return whether PK is a primary key. */
|
/* Return whether PK is a primary key. */
|
||||||
static int GPGRT_ATTR_UNUSED
|
static int GPGRT_ATTR_UNUSED
|
||||||
pk_is_primary (PKT_public_key *pk)
|
pk_is_primary (PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
return keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0;
|
return keyid_eq (pk_keyid (pk), pk_main_keyid (pk));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Copy the keyid in SRC to DEST and return DEST. */
|
/* Copy the keyid in SRC to DEST and return DEST. */
|
||||||
|
@ -1216,7 +1216,8 @@ cmp_signodes (const void *av, const void *bv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Helper for list_keyblock_print. */
|
/* Helper for list_keyblock_print. The caller must have set
|
||||||
|
* NODFLG_MARK_B to indicate self-signatures. */
|
||||||
static void
|
static void
|
||||||
list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
|
list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
|
||||||
struct keylist_context *listctx)
|
struct keylist_context *listctx)
|
||||||
@ -1247,6 +1248,11 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
|
|||||||
case GPG_ERR_UNUSABLE_PUBKEY:
|
case GPG_ERR_UNUSABLE_PUBKEY:
|
||||||
listctx->no_key++;
|
listctx->no_key++;
|
||||||
return;
|
return;
|
||||||
|
case GPG_ERR_DIGEST_ALGO:
|
||||||
|
case GPG_ERR_PUBKEY_ALGO:
|
||||||
|
if (!(opt.list_options & LIST_SHOW_UNUSABLE_SIGS))
|
||||||
|
return;
|
||||||
|
/* fallthru. */
|
||||||
default:
|
default:
|
||||||
listctx->oth_err++;
|
listctx->oth_err++;
|
||||||
sigrc = '%';
|
sigrc = '%';
|
||||||
@ -1259,6 +1265,15 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
if (!(opt.list_options & LIST_SHOW_UNUSABLE_SIGS)
|
||||||
|
&& (gpg_err_code (openpgp_pk_test_algo (sig->pubkey_algo)
|
||||||
|
== GPG_ERR_PUBKEY_ALGO)
|
||||||
|
|| gpg_err_code (openpgp_md_test_algo (sig->digest_algo)
|
||||||
|
== GPG_ERR_DIGEST_ALGO)
|
||||||
|
|| (sig->digest_algo == DIGEST_ALGO_SHA1
|
||||||
|
&& !(node->flag & NODFLG_MARK_B) /*no selfsig*/
|
||||||
|
&& !opt.flags.allow_weak_key_signatures)))
|
||||||
|
return;
|
||||||
rc = 0;
|
rc = 0;
|
||||||
sigrc = ' ';
|
sigrc = ' ';
|
||||||
}
|
}
|
||||||
@ -1306,7 +1321,9 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
|
|||||||
es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
|
es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
|
||||||
else if (sigrc == '?')
|
else if (sigrc == '?')
|
||||||
;
|
;
|
||||||
else if (!opt.fast_list_mode)
|
else if ((node->flag & NODFLG_MARK_B))
|
||||||
|
es_fputs (_("[self-signature]"), es_stdout);
|
||||||
|
else if (!opt.fast_list_mode )
|
||||||
{
|
{
|
||||||
size_t n;
|
size_t n;
|
||||||
char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
|
char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
|
||||||
@ -1585,37 +1602,33 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
|
|||||||
else if (opt.list_sigs
|
else if (opt.list_sigs
|
||||||
&& node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
|
&& node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
|
||||||
{
|
{
|
||||||
if ((opt.list_options & LIST_SORT_SIGS))
|
kbnode_t n;
|
||||||
|
unsigned int sigcount = 0;
|
||||||
|
kbnode_t *sigarray;
|
||||||
|
unsigned int idx;
|
||||||
|
|
||||||
|
for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
||||||
|
sigcount++;
|
||||||
|
sigarray = xcalloc (sigcount, sizeof *sigarray);
|
||||||
|
|
||||||
|
sigcount = 0;
|
||||||
|
for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
||||||
{
|
{
|
||||||
kbnode_t n;
|
if (keyid_eq (mainkid, n->pkt->pkt.signature->keyid))
|
||||||
unsigned int sigcount = 0;
|
n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
|
||||||
kbnode_t *sigarray;
|
else
|
||||||
unsigned int idx;
|
n->flag &= ~NODFLG_MARK_B;
|
||||||
|
|
||||||
for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
sigarray[sigcount++] = node = n;
|
||||||
sigcount++;
|
|
||||||
sigarray = xcalloc (sigcount, sizeof *sigarray);
|
|
||||||
|
|
||||||
sigcount = 0;
|
|
||||||
for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
|
|
||||||
{
|
|
||||||
if (!keyid_cmp (mainkid, n->pkt->pkt.signature->keyid))
|
|
||||||
n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
|
|
||||||
else
|
|
||||||
n->flag &= ~NODFLG_MARK_B;
|
|
||||||
|
|
||||||
sigarray[sigcount++] = node = n;
|
|
||||||
}
|
|
||||||
/* Note that NODE is now at the last signature. */
|
|
||||||
|
|
||||||
qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
|
|
||||||
|
|
||||||
for (idx=0; idx < sigcount; idx++)
|
|
||||||
list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
|
|
||||||
xfree (sigarray);
|
|
||||||
}
|
}
|
||||||
else
|
/* Note that NODE is now at the last signature. */
|
||||||
list_signature_print (ctrl, keyblock, node, listctx);
|
|
||||||
|
if ((opt.list_options & LIST_SORT_SIGS))
|
||||||
|
qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
|
||||||
|
|
||||||
|
for (idx=0; idx < sigcount; idx++)
|
||||||
|
list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
|
||||||
|
xfree (sigarray);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
es_putc ('\n', es_stdout);
|
es_putc ('\n', es_stdout);
|
||||||
|
@ -426,6 +426,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|||||||
#define LIST_SORT_SIGS (1<<13)
|
#define LIST_SORT_SIGS (1<<13)
|
||||||
#define LIST_SHOW_PREF (1<<14)
|
#define LIST_SHOW_PREF (1<<14)
|
||||||
#define LIST_SHOW_PREF_VERBOSE (1<<15)
|
#define LIST_SHOW_PREF_VERBOSE (1<<15)
|
||||||
|
#define LIST_SHOW_UNUSABLE_SIGS (1<<16)
|
||||||
|
|
||||||
#define VERIFY_SHOW_PHOTOS (1<<0)
|
#define VERIFY_SHOW_PHOTOS (1<<0)
|
||||||
#define VERIFY_SHOW_POLICY_URLS (1<<1)
|
#define VERIFY_SHOW_POLICY_URLS (1<<1)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user