security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-09 12:54:23 +01:00
Code Activity

* options.skel: Note that keyserver.pgp.com isn't synchronized, and

Browse Source 
explain the roundrobin a bit better.

* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.
This commit is contained in:
David Shaw 2003-08-19 02:58:25 +00:00
parent 82dc505d6f
commit 9fb045f01c
4 changed files with 89 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
g10/ChangeLog
View File

@ -1,3 +1,14 @@
2003-08-18 David Shaw <dshaw@jabberwocky.com>
* options.skel: Note that keyserver.pgp.com isn't synchronized,
and explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts,
collapse_uids, merge_blocks): Make much quieter during import of
slightly munged, but recoverable, keys. Use log_error for
unrecoverable import failures.
2003-08-12 David Shaw <dshaw@jabberwocky.com> 2003-08-12 David Shaw <dshaw@jabberwocky.com>
* keyring.c (keyring_rebuild_cache): Comment. * keyring.c (keyring_rebuild_cache): Comment.

54
g10/import.c
View File

@ -582,7 +582,8 @@ import_one( const char *fname, KBNODE keyblock, int fast,
/* It's really PKS corruption, not HKP corruption, but I won't /* It's really PKS corruption, not HKP corruption, but I won't
change the string in stable. */ change the string in stable. */
if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)) if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
&& opt.verbose)
log_info(_("key %08lX: HKP subkey corruption repaired\n"), log_info(_("key %08lX: HKP subkey corruption repaired\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
@ -604,11 +605,9 @@ import_one( const char *fname, KBNODE keyblock, int fast,
} }
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) { if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
if( !opt.quiet ) { log_error( _("key %08lX: no valid user IDs\n"), (ulong)keyid[1]);
log_info( _("key %08lX: no valid user IDs\n"), if( !opt.quiet )
(ulong)keyid[1]);
log_info(_("this may be caused by a missing self-signature\n")); log_info(_("this may be caused by a missing self-signature\n"));
}
stats->no_user_id++; stats->no_user_id++;
return 0; return 0;
} }
@ -898,7 +897,7 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
pk = m_alloc_clear( sizeof *pk ); pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid ); rc = get_pubkey( pk, keyid );
if( rc == G10ERR_NO_PUBKEY ) { if( rc == G10ERR_NO_PUBKEY ) {
log_info( _("key %08lX: no public key - " log_error( _("key %08lX: no public key - "
"can't apply revocation certificate\n"), (ulong)keyid[1]); "can't apply revocation certificate\n"), (ulong)keyid[1]);
rc = 0; rc = 0;
goto leave; goto leave;
@ -1042,6 +1041,8 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
if(!(unode->flag&1)) { if(!(unode->flag&1)) {
rc = check_key_signature( keyblock, n, NULL); rc = check_key_signature( keyblock, n, NULL);
if( rc ) if( rc )
{
if( opt.verbose )
{ {
char *p=utf8_to_native(unode->pkt->pkt.user_id->name, char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
strlen(unode->pkt->pkt.user_id->name),0); strlen(unode->pkt->pkt.user_id->name),0);
@ -1053,6 +1054,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
(ulong)keyid[1],p); (ulong)keyid[1],p);
m_free(p); m_free(p);
} }
}
else else
unode->flag |= 1; /* mark that signature checked */ unode->flag |= 1; /* mark that signature checked */
} }
@ -1063,6 +1065,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
revocation targets, this may need to be revised. */ revocation targets, this may need to be revised. */
if( !knode ) { if( !knode ) {
if(opt.verbose)
log_info( _("key %08lX: no subkey for key binding\n"), log_info( _("key %08lX: no subkey for key binding\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
n->flag |= 4; /* delete this */ n->flag |= 4; /* delete this */
@ -1070,6 +1073,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
else { else {
rc = check_key_signature( keyblock, n, NULL); rc = check_key_signature( keyblock, n, NULL);
if( rc ) { if( rc ) {
if(opt.verbose)
log_info(rc == G10ERR_PUBKEY_ALGO ? log_info(rc == G10ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"): _("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey binding\n"), _("key %08lX: invalid subkey binding\n"),
@ -1084,6 +1088,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
bsnode->flag|=4; /* Delete the last binding bsnode->flag|=4; /* Delete the last binding
sig since this one is sig since this one is
newer */ newer */
if(opt.verbose)
log_info(_("key %08lX: removed multiple subkey " log_info(_("key %08lX: removed multiple subkey "
"binding\n"),(ulong)keyid[1]); "binding\n"),(ulong)keyid[1]);
} }
@ -1104,6 +1109,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
See the comment in getkey.c:merge_selfsigs_subkey for See the comment in getkey.c:merge_selfsigs_subkey for
more */ more */
if( !knode ) { if( !knode ) {
if(opt.verbose)
log_info( _("key %08lX: no subkey for key revocation\n"), log_info( _("key %08lX: no subkey for key revocation\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
n->flag |= 4; /* delete this */ n->flag |= 4; /* delete this */
@ -1111,10 +1117,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
else { else {
rc = check_key_signature( keyblock, n, NULL); rc = check_key_signature( keyblock, n, NULL);
if( rc ) { if( rc ) {
if(opt.verbose)
log_info(rc == G10ERR_PUBKEY_ALGO ? log_info(rc == G10ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"): _("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey revocation\n"), _("key %08lX: invalid subkey revocation\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
n->flag|=4; n->flag|=4;
} }
else { else {
@ -1124,6 +1132,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
rsnode->flag|=4; /* Delete the last revocation rsnode->flag|=4; /* Delete the last revocation
sig since this one is sig since this one is
newer */ newer */
if(opt.verbose)
log_info(_("key %08lX: removed multiple subkey " log_info(_("key %08lX: removed multiple subkey "
"revocation\n"),(ulong)keyid[1]); "revocation\n"),(ulong)keyid[1]);
} }
@ -1210,18 +1219,18 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
* to import non-exportable signature when we have the * to import non-exportable signature when we have the
* the secret key used to create this signature - it * the secret key used to create this signature - it
* seems that this makes sense */ * seems that this makes sense */
if(opt.verbose)
log_info( _("key %08lX: non exportable signature " log_info( _("key %08lX: non exportable signature "
"(class %02x) - skipped\n"), "(class %02x) - skipped\n"),
(ulong)keyid[1], (ulong)keyid[1], node->pkt->pkt.signature->sig_class );
node->pkt->pkt.signature->sig_class );
delete_kbnode( node ); delete_kbnode( node );
} }
else if( node->pkt->pkttype == PKT_SIGNATURE else if( node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x20 ) { && node->pkt->pkt.signature->sig_class == 0x20 ) {
if( uid_seen ) { if( uid_seen ) {
log_error( _("key %08lX: revocation certificate " if(opt.verbose)
"at wrong place - skipped\n"), log_info( _("key %08lX: revocation certificate "
(ulong)keyid[1]); "at wrong place - skipped\n"), (ulong)keyid[1]);
delete_kbnode( node ); delete_kbnode( node );
} }
else { else {
@ -1236,7 +1245,8 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
int rc = check_key_signature( keyblock, node, NULL); int rc = check_key_signature( keyblock, node, NULL);
if( rc ) if( rc )
{ {
log_error( _("key %08lX: invalid revocation " if(opt.verbose)
log_info( _("key %08lX: invalid revocation "
"certificate: %s - skipped\n"), "certificate: %s - skipped\n"),
(ulong)keyid[1], g10_errstr(rc)); (ulong)keyid[1], g10_errstr(rc));
delete_kbnode( node ); delete_kbnode( node );
@ -1248,15 +1258,16 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
(node->pkt->pkt.signature->sig_class == 0x18 || (node->pkt->pkt.signature->sig_class == 0x18 ||
node->pkt->pkt.signature->sig_class == 0x28) && node->pkt->pkt.signature->sig_class == 0x28) &&
!subkey_seen ) { !subkey_seen ) {
log_error( _("key %08lX: subkey signature " if(opt.verbose)
"in wrong place - skipped\n"), log_info( _("key %08lX: subkey signature "
(ulong)keyid[1]); "in wrong place - skipped\n"), (ulong)keyid[1]);
delete_kbnode( node ); delete_kbnode( node );
} }
else if( node->pkt->pkttype == PKT_SIGNATURE else if( node->pkt->pkttype == PKT_SIGNATURE
&& !IS_CERT(node->pkt->pkt.signature)) && !IS_CERT(node->pkt->pkt.signature))
{ {
log_error(_("key %08lX: unexpected signature class (0x%02X) -" if(opt.verbose)
log_info(_("key %08lX: unexpected signature class (0x%02X) -"
" skipped\n"),(ulong)keyid[1], " skipped\n"),(ulong)keyid[1],
node->pkt->pkt.signature->sig_class); node->pkt->pkt.signature->sig_class);
delete_kbnode(node); delete_kbnode(node);
@ -1354,6 +1365,7 @@ collapse_uids( KBNODE *keyblock )
kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL ); kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
else else
kid1 = 0; kid1 = 0;
if(!opt.quiet)
log_info(_("key %08lX: duplicated user ID detected - merged\n"), log_info(_("key %08lX: duplicated user ID detected - merged\n"),
(ulong)kid1); (ulong)kid1);
@ -1478,17 +1490,20 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
} }
} }
if( !found ) { if( !found ) {
char *p=get_user_id_printable (keyid);
KBNODE n2 = clone_kbnode(node); KBNODE n2 = clone_kbnode(node);
insert_kbnode( keyblock_orig, n2, 0 ); insert_kbnode( keyblock_orig, n2, 0 );
n2->flag |= 1; n2->flag |= 1;
++*n_sigs; ++*n_sigs;
log_info(_("key %08lX: \"%s\" revocation certificate added\n"), if(!opt.quiet)
(ulong)keyid[1],p); {
char *p=get_user_id_printable (keyid);
log_info(_("key %08lX: \"%s\" revocation "
"certificate added\n"), (ulong)keyid[1],p);
m_free(p); m_free(p);
} }
} }
} }
}
/* 2nd: merge in any direct key (0x1F) sigs */ /* 2nd: merge in any direct key (0x1F) sigs */
for(node=keyblock->next; node; node=node->next ) { for(node=keyblock->next; node; node=node->next ) {
@ -1514,6 +1529,7 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
insert_kbnode( keyblock_orig, n2, 0 ); insert_kbnode( keyblock_orig, n2, 0 );
n2->flag |= 1; n2->flag |= 1;
++*n_sigs; ++*n_sigs;
if(!opt.quiet)
log_info( _("key %08lX: direct key signature added\n"), log_info( _("key %08lX: direct key signature added\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
} }

8
g10/options.skel
View File

@ -109,8 +109,12 @@
# regarding proxies (keyserver option honor-http-proxy) # regarding proxies (keyserver option honor-http-proxy)
# #
# Most users just set the name and type of their preferred keyserver. # Most users just set the name and type of their preferred keyserver.
# Most servers do synchronize with each other and DNS round-robin may # Note that most servers (with the notable exception of
# give you a quasi-random server each time. # ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://subkeys.pgp.net is an example of
# such a "server", which spreads the load over a number of physical
# servers.
keyserver hkp://subkeys.pgp.net keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net

2
g10/sig-check.c
View File

@ -558,7 +558,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md_close(md); md_close(md);
} }
else { else {
if (!opt.quiet) if (opt.verbose)
log_info (_("key %08lX: no subkey for subkey " log_info (_("key %08lX: no subkey for subkey "
"revocation packet\n"), "revocation packet\n"),
(ulong)keyid_from_pk (pk, NULL)); (ulong)keyid_from_pk (pk, NULL));