mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Check and fix keys on import.
* doc/gpg.texi: Document the new import option. * g10/gpg.c (main): Make the new option default to yes. * g10/import.c (parse_import_options): Parse the new option. (import_one): Act on the new option. * g10/options.h (IMPORT_REPAIR_KEYS): New macro. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
parent
404fa8211b
commit
9b12b45aa5
@ -2304,6 +2304,10 @@ opposite meaning. The options are:
|
|||||||
on the keyring. This option is the same as running the @option{--edit-key}
|
on the keyring. This option is the same as running the @option{--edit-key}
|
||||||
command "clean" after import. Defaults to no.
|
command "clean" after import. Defaults to no.
|
||||||
|
|
||||||
|
@item repair-keys. After import, fix various problems with the
|
||||||
|
keys. For example, this reorders signatures, and strips duplicate
|
||||||
|
signatures. Defaults to yes.
|
||||||
|
|
||||||
@item import-minimal
|
@item import-minimal
|
||||||
Import the smallest key possible. This removes all signatures except
|
Import the smallest key possible. This removes all signatures except
|
||||||
the most recent self-signature on each user ID. This option is the
|
the most recent self-signature on each user ID. This option is the
|
||||||
|
@ -2353,9 +2353,10 @@ main (int argc, char **argv)
|
|||||||
opt.max_cert_depth = 5;
|
opt.max_cert_depth = 5;
|
||||||
opt.escape_from = 1;
|
opt.escape_from = 1;
|
||||||
opt.flags.require_cross_cert = 1;
|
opt.flags.require_cross_cert = 1;
|
||||||
opt.import_options = 0;
|
opt.import_options = IMPORT_REPAIR_KEYS;
|
||||||
opt.export_options = EXPORT_ATTRIBUTES;
|
opt.export_options = EXPORT_ATTRIBUTES;
|
||||||
opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
|
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
|
||||||
|
| IMPORT_REPAIR_PKS_SUBKEY_BUG);
|
||||||
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
|
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
|
||||||
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
|
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
|
||||||
opt.verify_options = (LIST_SHOW_UID_VALIDITY
|
opt.verify_options = (LIST_SHOW_UID_VALIDITY
|
||||||
|
@ -40,6 +40,7 @@
|
|||||||
#include "../common/membuf.h"
|
#include "../common/membuf.h"
|
||||||
#include "../common/init.h"
|
#include "../common/init.h"
|
||||||
#include "../common/mbox-util.h"
|
#include "../common/mbox-util.h"
|
||||||
|
#include "key-check.h"
|
||||||
|
|
||||||
|
|
||||||
struct import_stats_s
|
struct import_stats_s
|
||||||
@ -179,6 +180,9 @@ parse_import_options(char *str,unsigned int *options,int noisy)
|
|||||||
N_("assume the GnuPG key backup format")},
|
N_("assume the GnuPG key backup format")},
|
||||||
{"import-restore", IMPORT_RESTORE, NULL, NULL},
|
{"import-restore", IMPORT_RESTORE, NULL, NULL},
|
||||||
|
|
||||||
|
{"repair-keys", IMPORT_REPAIR_KEYS, NULL,
|
||||||
|
N_("repair keys on import")},
|
||||||
|
|
||||||
/* Aliases for backward compatibility */
|
/* Aliases for backward compatibility */
|
||||||
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
|
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
|
||||||
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
|
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
|
||||||
@ -1482,6 +1486,9 @@ import_one (ctrl_t ctrl,
|
|||||||
log_info (_("key %s: PKS subkey corruption repaired\n"),
|
log_info (_("key %s: PKS subkey corruption repaired\n"),
|
||||||
keystr_from_pk(pk));
|
keystr_from_pk(pk));
|
||||||
|
|
||||||
|
if ((options & IMPORT_REPAIR_KEYS))
|
||||||
|
key_check_all_keysigs (ctrl, keyblock, 0, 0);
|
||||||
|
|
||||||
if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
|
if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
|
||||||
return 0; /* Invalid keyblock - error already printed. */
|
return 0; /* Invalid keyblock - error already printed. */
|
||||||
|
|
||||||
|
@ -346,6 +346,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|||||||
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
|
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
|
||||||
#define IMPORT_EXPORT (1<<9)
|
#define IMPORT_EXPORT (1<<9)
|
||||||
#define IMPORT_RESTORE (1<<10)
|
#define IMPORT_RESTORE (1<<10)
|
||||||
|
#define IMPORT_REPAIR_KEYS (1<<11)
|
||||||
|
|
||||||
#define EXPORT_LOCAL_SIGS (1<<0)
|
#define EXPORT_LOCAL_SIGS (1<<0)
|
||||||
#define EXPORT_ATTRIBUTES (1<<1)
|
#define EXPORT_ATTRIBUTES (1<<1)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user