From 9a70afe2b31365b63cce1ee70fef6a244415cd1a Mon Sep 17 00:00:00 2001 From: David Shaw Date: Thu, 25 Nov 2004 03:58:42 +0000 Subject: [PATCH] * options.h, export.c (parse_export_options, do_export_stream): Add "export-minimal" option to disregard any sigs except selfsigs. --- g10/ChangeLog | 3 +++ g10/export.c | 60 ++++++++++++++++++++++++++++++++------------------- g10/options.h | 5 ++++- 3 files changed, 45 insertions(+), 23 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index c9568407c..3e5681a05 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,8 @@ 2004-11-24 David Shaw + * options.h, export.c (parse_export_options, do_export_stream): + Add "export-minimal" option to disregard any sigs except selfsigs. + * trustdb.c (uid_trust_string_fixed): Use a string that can be atoi-ed, but also has a comment for the translator. diff --git a/g10/export.c b/g10/export.c index 3731dab8f..40e5b4424 100644 --- a/g10/export.c +++ b/g10/export.c @@ -48,6 +48,7 @@ parse_export_options(char *str,unsigned int *options,int noisy) {"include-local-sigs",EXPORT_INCLUDE_LOCAL_SIGS,NULL}, {"include-attributes",EXPORT_INCLUDE_ATTRIBUTES,NULL}, {"include-sensitive-revkeys",EXPORT_INCLUDE_SENSITIVE_REVKEYS,NULL}, + {"export-minimal",EXPORT_MINIMAL,NULL}, {NULL,0,NULL} /* add tags for include revoked and disabled? */ }; @@ -140,6 +141,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, KEYDB_SEARCH_DESC *desc = NULL; KEYDB_HANDLE kdbhd; STRLIST sl; + u32 pk_keyid[2]; *any = 0; init_packet( &pkt ); @@ -193,8 +195,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, goto leave; } - node=find_kbnode( keyblock, PKT_SECRET_KEY ); - if(node) + if((node=find_kbnode(keyblock,PKT_SECRET_KEY))) { PKT_secret_key *sk=node->pkt->pkt.secret_key; 
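Review bot: `pk_keyid` is declared without an initializer in the `@@ -140` hunk of g10/export.c, and the only assignment visible in this patch is the `else if` added in the `@@ -216` hunk, which appears to be the alternative to the `if((node=find_kbnode(keyblock,PKT_SECRET_KEY)))` branch. If that pairing is right, a keyblock that holds a secret key never sets it, yet the filter added in the `@@ -301` hunk still compares signature key IDs against it whenever `EXPORT_MINIMAL` is set, so it reads an indeterminate value or the key ID left over from a previously exported keyblock and can drop genuine self-signatures. The same applies when the `PKT_PUBLIC_KEY` lookup returns NULL. I would fill the array on both paths, for example `keyid_from_sk(sk,pk_keyid);` inside the secret-key branch, and declare it as `u32 pk_keyid[2]={0,0};`. do_export_stream starts and ends outside these hunks, so this should be confirmed against the full function.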
@@ -216,6 +217,9 @@ do_export_stream( IOBUF out, STRLIST users, int secret, continue; } } + else if((options&EXPORT_MINIMAL) + && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY))) + keyid_from_pk(node->pkt->pkt.public_key,pk_keyid); /* and write it */ for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) { 
@@ -301,28 +305,40 @@ do_export_stream( IOBUF out, STRLIST users, int secret, continue; } - if( node->pkt->pkttype == PKT_SIGNATURE ) { - /* do not export packets which are marked as not exportable */ - if( !(options&EXPORT_INCLUDE_LOCAL_SIGS) && - !node->pkt->pkt.signature->flags.exportable ) - continue; /* not exportable */ - - /* Do not export packets with a "sensitive" revocation - key unless the user wants us to. Note that we do - export these when issuing the actual revocation (see - revoke.c). */ - if( !(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) && - node->pkt->pkt.signature->revkey ) { - int i; - - for(i=0;ipkt->pkt.signature->numrevkeys;i++) - if(node->pkt->pkt.signature->revkey[i]->class & 0x40) - break; - - if(ipkt->pkt.signature->numrevkeys) + if( node->pkt->pkttype == PKT_SIGNATURE ) + { + /* If we have minimal-export turned on, do not include + any signature that isn't a selfsig. Note that this + only applies to uid sigs (0x10, 0x11, 0x12, and + 0x13). A designated revocation is not stripped. */ + if((options&EXPORT_MINIMAL) + && IS_UID_SIG(node->pkt->pkt.signature) + && (node->pkt->pkt.signature->keyid[0]!=pk_keyid[0] + || node->pkt->pkt.signature->keyid[1]!=pk_keyid[1])) continue; + + /* do not export packets which are marked as not exportable */ + if(!(options&EXPORT_INCLUDE_LOCAL_SIGS) + && !node->pkt->pkt.signature->flags.exportable) + continue; /* not exportable */ + + /* Do not export packets with a "sensitive" revocation + key unless the user wants us to. Note that we do + export these when issuing the actual revocation + (see revoke.c). */ + if(!(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) + && node->pkt->pkt.signature->revkey) + { + int i; + + for(i=0;ipkt->pkt.signature->numrevkeys;i++) + if(node->pkt->pkt.signature->revkey[i]->class & 0x40) + break; + + if(ipkt->pkt.signature->numrevkeys) + continue; + } } - } /* Don't export attribs? */ if( !(options&EXPORT_INCLUDE_ATTRIBUTES) && 
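Review bot: The self-signature test added at the top of the `PKT_SIGNATURE` branch is an issuer key ID comparison only; nothing in this hunk verifies the signature, so any 0x10-0x13 signature that merely carries the primary key's ID is kept. That is probably acceptable for an option meant to shrink the exported key, but the comment should say so, so that nobody later treats `export-minimal` as evidence that the surviving signatures are valid; I would append `This matches on the issuer key ID only; the signature is not verified here.` to the new comment. The hunk also re-indents the two existing checks together with the functional change, which makes the actual addition hard to spot; a separate whitespace-only commit would be easier to review. do_export_stream begins and ends outside the hunk.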
diff --git a/g10/options.h b/g10/options.h index 66dfb80d0..7f71a7032 100644 --- a/g10/options.h +++ b/g10/options.h @@ -241,7 +241,9 @@ struct { #define PGP7 (opt.compliance==CO_PGP7) #define PGP8 (opt.compliance==CO_PGP8) -/* Various option flags */ +/* Various option flags. Note that there should be no common string + names between the IMPORT_ and EXPORT_ flags as they can be mixed in + the keyserver-options option. */ #define IMPORT_ALLOW_LOCAL_SIGS (1<<0) #define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1) @@ -252,6 +254,7 @@ struct { #define EXPORT_INCLUDE_LOCAL_SIGS (1<<0) #define EXPORT_INCLUDE_ATTRIBUTES (1<<1) #define EXPORT_INCLUDE_SENSITIVE_REVKEYS (1<<2) +#define EXPORT_MINIMAL (1<<3) #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1)