mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
From stable branch
* keyedit.c (menu_addrevoker): The direct key signature for revocation keys must be at least v4 to carry the revocation key subpacket. Add a PGP 2.x warning for revocation keys. * g10.c (check_permissions): Rearrange strings to make translating easier (don't incorporate string parts). * keyedit.c (sign_uids): Make strings translatable. * sig-check.c (check_key_signature2): Make string translatable.
This commit is contained in:
parent
6794524789
commit
299e2bf336
@ -1,3 +1,18 @@
|
||||
2002-09-16 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (menu_addrevoker): The direct key signature for
|
||||
revocation keys must be at least v4 to carry the revocation key
|
||||
subpacket. Add a PGP 2.x warning for revocation keys.
|
||||
|
||||
2002-09-14 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* g10.c (check_permissions): Rearrange strings to make translating
|
||||
easier (don't incorporate string parts).
|
||||
|
||||
* keyedit.c (sign_uids): Make strings translatable.
|
||||
|
||||
* sig-check.c (check_key_signature2): Make string translatable.
|
||||
|
||||
2002-09-13 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* getkey.c (check_revocation_keys): Move....
|
||||
|
66
g10/g10.c
66
g10/g10.c
@ -25,6 +25,7 @@
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
#include <unistd.h>
|
||||
#include <assert.h>
|
||||
#ifdef HAVE_DOSISH_SYSTEM
|
||||
#include <fcntl.h> /* for setmode() */
|
||||
#endif
|
||||
@ -850,7 +851,7 @@ check_permissions(const char *path,int item)
|
||||
{
|
||||
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
|
||||
static int homedir_cache=-1;
|
||||
char *tmppath,*isa,*dir;
|
||||
char *tmppath,*dir;
|
||||
struct stat statbuf,dirbuf;
|
||||
int homedir=0,ret=0,checkonly=0;
|
||||
int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
|
||||
@ -858,6 +859,8 @@ check_permissions(const char *path,int item)
|
||||
if(opt.no_perm_warn)
|
||||
return 0;
|
||||
|
||||
assert(item==0 || item==1 || item==2);
|
||||
|
||||
/* extensions may attach a path */
|
||||
if(item==2 && path[0]!=DIRSEP_C)
|
||||
{
|
||||
@ -907,8 +910,6 @@ check_permissions(const char *path,int item)
|
||||
|
||||
if(item==0)
|
||||
{
|
||||
isa="homedir";
|
||||
|
||||
/* The homedir must be x00, a directory, and owned by the user. */
|
||||
|
||||
if(S_ISDIR(statbuf.st_mode))
|
||||
@ -928,11 +929,6 @@ check_permissions(const char *path,int item)
|
||||
}
|
||||
else if(item==1 || item==2)
|
||||
{
|
||||
if(item==1)
|
||||
isa="configuration file";
|
||||
else
|
||||
isa="extension";
|
||||
|
||||
/* The options or extension file. Okay unless it or its
|
||||
containing directory is group or other writable or not owned
|
||||
by us or root. */
|
||||
@ -980,19 +976,53 @@ check_permissions(const char *path,int item)
|
||||
if(!checkonly)
|
||||
{
|
||||
if(own)
|
||||
log_info(_("WARNING: unsafe ownership on %s \"%s\"\n"),
|
||||
isa,tmppath);
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe ownership on "
|
||||
"homedir \"%s\"\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe ownership on "
|
||||
"configuration file \"%s\"\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe ownership on "
|
||||
"extension \"%s\"\n"),tmppath);
|
||||
}
|
||||
if(perm)
|
||||
log_info(_("WARNING: unsafe permissions on %s \"%s\"\n"),
|
||||
isa,tmppath);
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe permissions on "
|
||||
"homedir \"%s\"\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe permissions on "
|
||||
"configuration file \"%s\"\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe permissions on "
|
||||
"extension \"%s\"\n"),tmppath);
|
||||
}
|
||||
if(enc_dir_own)
|
||||
log_info(_("WARNING: unsafe enclosing directory "
|
||||
"ownership on %s \"%s\"\n"),
|
||||
isa,tmppath);
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on "
|
||||
"homedir \"%s\"\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on "
|
||||
"configuration file \"%s\"\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe enclosing directory ownership on "
|
||||
"extension \"%s\"\n"),tmppath);
|
||||
}
|
||||
if(enc_dir_perm)
|
||||
log_info(_("WARNING: unsafe enclosing directory "
|
||||
"permissions on %s \"%s\"\n"),
|
||||
isa,tmppath);
|
||||
{
|
||||
if(item==0)
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on "
|
||||
"homedir \"%s\"\n"),tmppath);
|
||||
else if(item==1)
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on "
|
||||
"configuration file \"%s\"\n"),tmppath);
|
||||
else
|
||||
log_info(_("WARNING: unsafe enclosing directory permissions on "
|
||||
"extension \"%s\"\n"),tmppath);
|
||||
}
|
||||
}
|
||||
|
||||
end:
|
||||
|
@ -562,13 +562,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
"above? If you don't know what to answer, enter \"0\".\n"));
|
||||
tty_printf("\n");
|
||||
tty_printf(_(" (0) I will not answer.%s\n"),
|
||||
opt.def_cert_check_level==0?" (default)":"");
|
||||
opt.def_cert_check_level==0?_(" (default)"):"");
|
||||
tty_printf(_(" (1) I have not checked at all.%s\n"),
|
||||
opt.def_cert_check_level==1?" (default)":"");
|
||||
opt.def_cert_check_level==1?_(" (default)"):"");
|
||||
tty_printf(_(" (2) I have done casual checking.%s\n"),
|
||||
opt.def_cert_check_level==2?" (default)":"");
|
||||
opt.def_cert_check_level==2?_(" (default)"):"");
|
||||
tty_printf(_(" (3) I have done very careful checking.%s\n"),
|
||||
opt.def_cert_check_level==3?" (default)":"");
|
||||
opt.def_cert_check_level==3?_(" (default)"):"");
|
||||
tty_printf("\n");
|
||||
|
||||
while(class==0)
|
||||
@ -1992,8 +1992,9 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
|
||||
|
||||
/* It is legal but bad for compatibility to add a photo ID to a
|
||||
v3 key as it means that PGP2 will not be able to use that key
|
||||
anymore. Don't bother to ask this if the key already has a
|
||||
photo - any damage has already been done at that point. -dms */
|
||||
anymore. Also, PGP may not expect a photo on a v3 key.
|
||||
Don't bother to ask this if the key already has a photo - any
|
||||
damage has already been done at that point. -dms */
|
||||
if(pk->version==3 && !hasattrib)
|
||||
{
|
||||
if(opt.expert)
|
||||
@ -2261,6 +2262,33 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
|
||||
assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
|
||||
|
||||
pk=pub_keyblock->pkt->pkt.public_key;
|
||||
|
||||
if(pk->numrevkeys==0 && pk->version==3)
|
||||
{
|
||||
/* It is legal but bad for compatibility to add a revoker to a
|
||||
v3 key as it means that PGP2 will not be able to use that key
|
||||
anymore. Also, PGP may not expect a revoker on a v3 key.
|
||||
Don't bother to ask this if the key already has a revoker -
|
||||
any damage has already been done at that point. -dms */
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_("WARNING: This is a PGP 2.x-style key. "
|
||||
"Adding a designated revoker may cause\n"
|
||||
" some versions of PGP to reject this key.\n"));
|
||||
|
||||
if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
|
||||
_("Are you sure you still want "
|
||||
"to add it? (y/N) ")))
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
tty_printf(_("You may not add a designated revoker to "
|
||||
"a PGP 2.x-style key.\n"));
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
|
||||
|
||||
for(;;)
|
||||
@ -2340,7 +2368,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
|
||||
break;
|
||||
}
|
||||
|
||||
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 0, 0, 0,
|
||||
/* The 1F signature must be at least v4 to carry the revocation key
|
||||
subpacket. */
|
||||
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
|
||||
keygen_add_revkey,&revkey );
|
||||
if( rc )
|
||||
{
|
||||
|
@ -546,7 +546,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
|
||||
}
|
||||
else {
|
||||
if (!opt.quiet)
|
||||
log_info ("key %08lX: no subkey for subkey revocation packet\n",
|
||||
log_info (_("key %08lX: no subkey for subkey "
|
||||
"revocation packet\n"),
|
||||
(ulong)keyid_from_pk (pk, NULL));
|
||||
rc = G10ERR_SIG_CLASS;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user