1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

From stable branch

* keyedit.c (menu_addrevoker): The direct key signature for revocation
keys must be at least v4 to carry the revocation key subpacket.  Add a PGP
2.x warning for revocation keys.

* g10.c (check_permissions): Rearrange strings to make translating easier
(don't incorporate string parts).

* keyedit.c (sign_uids): Make strings translatable.

* sig-check.c (check_key_signature2): Make string translatable.
This commit is contained in:
David Shaw 2002-09-17 03:21:13 +00:00
parent 6794524789
commit 299e2bf336
4 changed files with 102 additions and 26 deletions

View File

@ -1,3 +1,18 @@
2002-09-16 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (menu_addrevoker): The direct key signature for
revocation keys must be at least v4 to carry the revocation key
subpacket. Add a PGP 2.x warning for revocation keys.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
* g10.c (check_permissions): Rearrange strings to make translating
easier (don't incorporate string parts).
* keyedit.c (sign_uids): Make strings translatable.
* sig-check.c (check_key_signature2): Make string translatable.
2002-09-13 David Shaw <dshaw@jabberwocky.com>
* getkey.c (check_revocation_keys): Move....

View File

@ -25,6 +25,7 @@
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <assert.h>
#ifdef HAVE_DOSISH_SYSTEM
#include <fcntl.h> /* for setmode() */
#endif
@ -850,7 +851,7 @@ check_permissions(const char *path,int item)
{
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
static int homedir_cache=-1;
char *tmppath,*isa,*dir;
char *tmppath,*dir;
struct stat statbuf,dirbuf;
int homedir=0,ret=0,checkonly=0;
int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
@ -858,6 +859,8 @@ check_permissions(const char *path,int item)
if(opt.no_perm_warn)
return 0;
assert(item==0 || item==1 || item==2);
/* extensions may attach a path */
if(item==2 && path[0]!=DIRSEP_C)
{
@ -907,8 +910,6 @@ check_permissions(const char *path,int item)
if(item==0)
{
isa="homedir";
/* The homedir must be x00, a directory, and owned by the user. */
if(S_ISDIR(statbuf.st_mode))
@ -928,11 +929,6 @@ check_permissions(const char *path,int item)
}
else if(item==1 || item==2)
{
if(item==1)
isa="configuration file";
else
isa="extension";
/* The options or extension file. Okay unless it or its
containing directory is group or other writable or not owned
by us or root. */
@ -980,19 +976,53 @@ check_permissions(const char *path,int item)
if(!checkonly)
{
if(own)
log_info(_("WARNING: unsafe ownership on %s \"%s\"\n"),
isa,tmppath);
{
if(item==0)
log_info(_("WARNING: unsafe ownership on "
"homedir \"%s\"\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe ownership on "
"configuration file \"%s\"\n"),tmppath);
else
log_info(_("WARNING: unsafe ownership on "
"extension \"%s\"\n"),tmppath);
}
if(perm)
log_info(_("WARNING: unsafe permissions on %s \"%s\"\n"),
isa,tmppath);
{
if(item==0)
log_info(_("WARNING: unsafe permissions on "
"homedir \"%s\"\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe permissions on "
"configuration file \"%s\"\n"),tmppath);
else
log_info(_("WARNING: unsafe permissions on "
"extension \"%s\"\n"),tmppath);
}
if(enc_dir_own)
log_info(_("WARNING: unsafe enclosing directory "
"ownership on %s \"%s\"\n"),
isa,tmppath);
{
if(item==0)
log_info(_("WARNING: unsafe enclosing directory ownership on "
"homedir \"%s\"\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe enclosing directory ownership on "
"configuration file \"%s\"\n"),tmppath);
else
log_info(_("WARNING: unsafe enclosing directory ownership on "
"extension \"%s\"\n"),tmppath);
}
if(enc_dir_perm)
log_info(_("WARNING: unsafe enclosing directory "
"permissions on %s \"%s\"\n"),
isa,tmppath);
{
if(item==0)
log_info(_("WARNING: unsafe enclosing directory permissions on "
"homedir \"%s\"\n"),tmppath);
else if(item==1)
log_info(_("WARNING: unsafe enclosing directory permissions on "
"configuration file \"%s\"\n"),tmppath);
else
log_info(_("WARNING: unsafe enclosing directory permissions on "
"extension \"%s\"\n"),tmppath);
}
}
end:

View File

@ -562,13 +562,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
"above? If you don't know what to answer, enter \"0\".\n"));
tty_printf("\n");
tty_printf(_(" (0) I will not answer.%s\n"),
opt.def_cert_check_level==0?" (default)":"");
opt.def_cert_check_level==0?_(" (default)"):"");
tty_printf(_(" (1) I have not checked at all.%s\n"),
opt.def_cert_check_level==1?" (default)":"");
opt.def_cert_check_level==1?_(" (default)"):"");
tty_printf(_(" (2) I have done casual checking.%s\n"),
opt.def_cert_check_level==2?" (default)":"");
opt.def_cert_check_level==2?_(" (default)"):"");
tty_printf(_(" (3) I have done very careful checking.%s\n"),
opt.def_cert_check_level==3?" (default)":"");
opt.def_cert_check_level==3?_(" (default)"):"");
tty_printf("\n");
while(class==0)
@ -1992,8 +1992,9 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
/* It is legal but bad for compatibility to add a photo ID to a
v3 key as it means that PGP2 will not be able to use that key
anymore. Don't bother to ask this if the key already has a
photo - any damage has already been done at that point. -dms */
anymore. Also, PGP may not expect a photo on a v3 key.
Don't bother to ask this if the key already has a photo - any
damage has already been done at that point. -dms */
if(pk->version==3 && !hasattrib)
{
if(opt.expert)
@ -2261,6 +2262,33 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY);
pk=pub_keyblock->pkt->pkt.public_key;
if(pk->numrevkeys==0 && pk->version==3)
{
/* It is legal but bad for compatibility to add a revoker to a
v3 key as it means that PGP2 will not be able to use that key
anymore. Also, PGP may not expect a revoker on a v3 key.
Don't bother to ask this if the key already has a revoker -
any damage has already been done at that point. -dms */
if(opt.expert)
{
tty_printf(_("WARNING: This is a PGP 2.x-style key. "
"Adding a designated revoker may cause\n"
" some versions of PGP to reject this key.\n"));
if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay",
_("Are you sure you still want "
"to add it? (y/N) ")))
return 0;
}
else
{
tty_printf(_("You may not add a designated revoker to "
"a PGP 2.x-style key.\n"));
return 0;
}
}
sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key);
for(;;)
@ -2340,7 +2368,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
break;
}
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 0, 0, 0,
/* The 1F signature must be at least v4 to carry the revocation key
subpacket. */
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0,
keygen_add_revkey,&revkey );
if( rc )
{

View File

@ -546,7 +546,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
}
else {
if (!opt.quiet)
log_info ("key %08lX: no subkey for subkey revocation packet\n",
log_info (_("key %08lX: no subkey for subkey "
"revocation packet\n"),
(ulong)keyid_from_pk (pk, NULL));
rc = G10ERR_SIG_CLASS;
}