mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-23 15:07:03 +01:00
New option --expert
Do not allow signing a revoked UID unless --expert is set, and ask even then. Do not allow signing a revoked key unless --expert is set, and ask even then.
parent
ebd148e553
commit
2e941ab7a3
@ -1,3 +1,13 @@
|
||||
2001-12-04 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (keyedit_menu): Do not allow signing a revoked key
|
||||
unless --expert is set, and ask even then.
|
||||
|
||||
* keyedit.c (sign_uids): Do not allow signing a revoked UID unless
|
||||
--expert is set, and ask even then.
|
||||
|
||||
* g10.c, options.h : New option --expert
|
||||
|
||||
2001-11-16 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* Allow the user to select no compression via "--compress-algo 0"
|
||||
|
@ -119,6 +119,8 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
aRefreshKeys,
|
||||
|
||||
oTextmode,
|
||||
oExpert,
|
||||
oNoExpert,
|
||||
oFingerprint,
|
||||
oWithFingerprint,
|
||||
oAnswerYes,
|
||||
@ -322,6 +324,8 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
|
||||
{ oTextmodeShort, NULL, 0, "@"},
|
||||
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
|
||||
{ oExpert, "expert", 0, "@"},
|
||||
{ oNoExpert, "no-expert", 0, "@"},
|
||||
{ oOutput, "output", 2, N_("use as output file")},
|
||||
{ oVerbose, "verbose", 0, N_("verbose") },
|
||||
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
||||
@ -1054,6 +1058,8 @@ main( int argc, char **argv )
|
||||
break;
|
||||
case oTextmodeShort: opt.textmode = 2; break;
|
||||
case oTextmode: opt.textmode=1; break;
|
||||
case oExpert: opt.expert = 1; break;
|
||||
case oNoExpert: opt.expert = 0; break;
|
||||
case oUser: /* store the local users */
|
||||
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
|
||||
break;
|
||||
|
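Review bot: `{ oExpert, "expert", 0, "@"}` and `{ oNoExpert, "no-expert", 0, "@"}` use the same `"@"` description as the oTextmodeShort entry instead of an N_() help string, so as far as this page shows the new option has no user-facing description. The keyedit.c changes in this commit use opt.expert to turn the refusal to sign revoked keys and user IDs into a prompt, so the option should be described wherever users read about options. A comment at the switch, for example `case oExpert: opt.expert = 1; break; /* lets the user override safety refusals */`, would help maintainers. If the options file is parsed through this same switch (not visible here), a leftover `expert` line would relax the guard for every session, which the documentation should state. main() continues outside the hunk.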
@ -275,14 +275,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
||||
*
|
||||
* We use the CERT flag to request the primary which must always
|
||||
* be one which is capable of signing keys. I can't see a reason
|
||||
* why to sign keys using a subkey. Implementation of SUAGE_CERT
|
||||
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
||||
* is just a hack in getkey.c and does not mean that a subkey
|
||||
* marked as certification capable will be used */
|
||||
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
|
||||
if( rc )
|
||||
goto leave;
|
||||
|
||||
/* loop over all signaturs */
|
||||
/* loop over all signators */
|
||||
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
|
||||
u32 sk_keyid[2];
|
||||
size_t n;
|
||||
@ -308,6 +308,24 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
||||
for( node=keyblock; node; node = node->next ) {
|
||||
if( node->pkt->pkttype == PKT_USER_ID ) {
|
||||
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
||||
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
|
||||
{
|
||||
tty_printf(_("User ID \"%s\" is revoked.\n"),
|
||||
uidnode->pkt->pkt.user_id->name);
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_("Are you sure you still "
|
||||
"want to sign it?\n"));
|
||||
|
||||
/* No, so remove the mark and continue */
|
||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||
_("Really sign? ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
}
|
||||
else
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
}
|
||||
}
|
||||
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
||||
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
|
||||
@ -317,8 +335,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
||||
|
||||
/* Fixme: see whether there is a revocation in which
|
||||
* case we should allow to sign it again. */
|
||||
tty_printf(_("Already signed by key %08lX\n"),
|
||||
(ulong)sk_keyid[1] );
|
||||
tty_printf(_("User ID \"%s\" is already signed "
|
||||
"by key %08lX\n"),
|
||||
uidnode->pkt->pkt.user_id->name,
|
||||
(ulong)sk_keyid[1] );
|
||||
sprintf (buf, "%08lX%08lX",
|
||||
(ulong)sk->keyid[0], (ulong)sk->keyid[1] );
|
||||
write_status_text (STATUS_ALREADY_SIGNED, buf);
|
||||
@ -764,6 +784,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
||||
int i, arg_number;
|
||||
const char *arg_string = "";
|
||||
char *p;
|
||||
PKT_public_key *pk=keyblock->pkt->pkt.public_key;
|
||||
|
||||
tty_printf("\n");
|
||||
if( redisplay ) {
|
||||
@ -865,6 +886,22 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
||||
|
||||
case cmdSIGN: /* sign (only the public key) */
|
||||
case cmdLSIGN: /* sign (only the public key) */
|
||||
if( pk->is_revoked )
|
||||
{
|
||||
tty_printf(_("Key is revoked.\n"));
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_("Are you sure you still want to sign it?\n"));
|
||||
|
||||
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
|
||||
_("Really sign? ")))
|
||||
break;
|
||||
}
|
||||
else
|
||||
break;
|
||||
}
|
||||
|
||||
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
||||
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
|
||||
_("Really sign all user IDs? ")) ) {
|
||||
|
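Review bot: In the sign_uids hunk at -308/+308, both paths that skip a revoked user ID clear NODFLG_MARK_A but leave `uidnode` pointing at it, so the following `else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE` branch still runs for that UID's signatures and can report it as already signed. Adding `uidnode = NULL;` next to each `uidnode->flag &= ~NODFLG_MARK_A;` would stop any further processing of the skipped UID. That hunk and the -317/+335 hunk also pass `user_id->name`, which comes from the key being edited, straight to `tty_printf` with `%s`. It would be safer to print it through a tty helper that filters control characters, if the file has one (not visible here). The key-level revocation check sits only in keyedit_menu's cmdSIGN/cmdLSIGN case, so any other caller of sign_uids would bypass it, which is worth confirming; both functions continue outside the hunks shown.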
@ -45,6 +45,7 @@ struct {
|
||||
int dry_run;
|
||||
int list_only;
|
||||
int textmode;
|
||||
int expert;
|
||||
int batch; /* run in batch mode */
|
||||
int answer_yes; /* answer yes on most questions */
|
||||
int answer_no; /* answer no on most questions */
|
||||
|
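Review bot: `int expert;` is added without a comment, while the fields after it (`batch`, `answer_yes`, `answer_no`) each say what they control. This flag gates the revoked-key and revoked-UID overrides in keyedit.c, so a comment such as `int expert; /* allow operations that are normally refused, e.g. signing revoked keys */` would make its effect clear to anyone adding a new check. The struct starts and ends outside the hunk.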