security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

wks: Add option --realclean to gpg-wks-client. 

* tools/gpg-wks-client.c (oRealClean): New.
(opts): Add "realclean".
(parse_arguments): Implement.
(main): Take a copy of the module name to fix bad assignment from a
former patch.
* tools/gpg-wks-server.c (main): Ditto.
* tools/gpg-wks.h (opt): Add field realclean.
* tools/wks-util.c (wks_get_key): Call gpg with export-realclean
depending on the new option.
--

The default for gpg-wks-client is to install keys with all valid key
signatures.  The new option will eventually allow to install the keys
only with key signatures done by trusted-keys.  Also the export-option
is in gpg, it requires one more gpg patch to make it actually work.
This commit is contained in:
Werner Koch 2024-03-04 14:28:48 +01:00
parent 74e4dd3668
commit 36a3550bff
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tools/gpg-wks-client.c
View File

@ -78,6 +78,7 @@ enum cmd_and_opt_values
oNoAutostart,
oAddRevocs,
oNoAddRevocs,
oRealClean,
oDummy
};
@ -121,8 +122,9 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oWithColons, "with-colons", "@"),
ARGPARSE_s_s (oBlacklist, "blacklist", "@"),
ARGPARSE_s_s (oDirectory, "directory", "@"),
ARGPARSE_s_n (oAddRevocs, "add-revocs", "add revocation certificates"),
ARGPARSE_s_n (oAddRevocs, "add-revocs", "@"),
ARGPARSE_s_n (oNoAddRevocs, "no-add-revocs", "do not add revocation certificates"),
ARGPARSE_s_n (oRealClean, "realclean", "remove most key signatures"),
ARGPARSE_s_s (oFakeSubmissionAddr, "fake-submission-addr", "@"),
@ -273,6 +275,10 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
opt.add_revocs = 0;
break;
case oRealClean:
opt.realclean = 1;
break;
case aSupported:
case aCreate:
case aReceive:
@ -358,7 +364,7 @@ main (int argc, char **argv)
/* Set defaults for non given options. */
if (!opt.gpg_program)
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
if (!opt.directory)
opt.directory = "openpgpkey";

2
tools/gpg-wks-server.c
View File

@ -308,7 +308,7 @@ main (int argc, char **argv)
/* Set defaults for non given options. */
if (!opt.gpg_program)
opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
opt.gpg_program = xstrdup (gnupg_module_name (GNUPG_MODULE_NAME_GPG));
if (!opt.directory)
opt.directory = "/var/lib/gnupg/wks";

1
tools/gpg-wks.h
View File

@ -40,6 +40,7 @@ struct
int with_colons;
int no_autostart;
int add_revocs;
int realclean;
char *output;
char *gpg_program;
char *directory;

3
tools/wks-util.c
View File

@ -246,7 +246,8 @@ wks_get_key (estream_t *r_key, const char *fingerprint, const char *addrspec,
ccparray_put (&ccp, "--always-trust");
if (!binary)
ccparray_put (&ccp, "--armor");
ccparray_put (&ccp, "--export-options=export-clean");
ccparray_put (&ccp, opt.realclean? "--export-options=export-realclean"
/* */ : "--export-options=export-clean");
ccparray_put (&ccp, "--export-filter");
ccparray_put (&ccp, filterexp);
ccparray_put (&ccp, "--export");