* keylist.c (list_one): Don't show the keyring filename when in

--with-colons mode.  Actually translate "Keyring" string.

* mainproc.c (proc_tree): We can't currently handle multiple signatures of
different classes or digests (we'd pretty much have to run a different
hash context for each), but if they are all the same, make an exception.
This is Debian bug #194292.

* sig-check.c (check_key_signature2): Make string translatable.

* packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently
than assumed primaries.

* keyedit.c (no_primary_warning): Use the differently marked primaries
here in a new function to warn when an --edit-key command might rearrange
the self-sig dates enough to change which uid is primary. (menu_expire,
menu_set_preferences): Use no_primary_warning() here.

* Makefile.am: Use @DLLIBS@ for -ldl.

g10/ChangeLog

@@ -1,3 +1,27 @@
+2003-05-30  David Shaw  <dshaw@jabberwocky.com>
+
+	* keylist.c (list_one): Don't show the keyring filename when in
+	--with-colons mode.  Actually translate "Keyring" string.
+
+	* mainproc.c (proc_tree): We can't currently handle multiple
+	signatures of different classes or digests (we'd pretty much have
+	to run a different hash context for each), but if they are all the
+	same, make an exception.  This is Debian bug #194292.
+
+	* sig-check.c (check_key_signature2): Make string translatable.
+
+	* packet.h, getkey.c (fixup_uidnode): Mark real primary uids
+	differently than assumed primaries.
+
+	* keyedit.c (no_primary_warning): Use the differently marked
+	primaries here in a new function to warn when an --edit-key
+	command might rearrange the self-sig dates enough to change which
+	uid is primary.
+	(menu_expire, menu_set_preferences): Use no_primary_warning()
+	here.
+
+	* Makefile.am: Use @DLLIBS@ for -ldl.
+
 2003-05-21  David Shaw  <dshaw@jabberwocky.com>
 
 	* armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c,

g10/Makefile.am

@@ -18,7 +18,7 @@
 
 ## Process this file with automake to produce Makefile.in
 
-INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl
+INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
 EXTRA_DIST = options.skel
 # it seems that we can't use this with automake 1.5
 #OMIT_DEPENDENCIES = zlib.h zconf.h
@@ -26,7 +26,7 @@ libexecdir = @libexecdir@/@PACKAGE@
 if ! HAVE_DOSISH_SYSTEM
 AM_CFLAGS =  -DGNUPG_LIBEXECDIR="\"$(libexecdir)\""
 endif
-needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a @CAPLIBS@
+needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
 
 #noinst_PROGRAMS = gpgd
 bin_PROGRAMS = gpg gpgv
@@ -96,15 +96,10 @@ gpg_SOURCES  = g10.c		\
 	      photoid.c photoid.h \
 	      exec.c exec.h
 
-
-
 gpgv_SOURCES = gpgv.c           \
 	      $(common_source)  \
 	      verify.c          
 
-
-
-
 #gpgd_SOURCES = gpgd.c \
 #	       ks-proto.h \
 #	       ks-proto.c \
@@ -112,9 +107,9 @@ gpgv_SOURCES = gpgv.c           \
 #	       ks-db.h \
 #	       $(common_source)
 
-LDADD =  $(needed_libs) @ZLIBS@ @INTLLIBS@
+LDADD =  $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@
 # gpg gets LIBOBJS to add in mkdtemp if the platform doesn't have it
-gpg_LDADD = @LIBOBJS@ $(LDADD) @NETLIBS@
+gpg_LDADD = @LIBOBJS@ $(LDADD) @DLLIBS@ @NETLIBS@
 
 $(PROGRAMS): $(needed_libs)
 

g10/getkey.c

@@ -1287,7 +1287,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
     uid->is_primary = 0;
     p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL );
     if ( p && *p )
-        uid->is_primary = 1;
+        uid->is_primary = 2;
     /* We could also query this from the unhashed area if it is not in
      * the hased area and then later try to decide which is the better
      * there should be no security problem with this.

g10/keyedit.c

@@ -2036,6 +2036,40 @@ show_key_and_fingerprint( KBNODE keyblock )
 }
 
 
+/* Show a warning if no uids on the key have the primary uid flag
+   set. */
+static void
+no_primary_warning(KBNODE keyblock, int uids)
+{
+  KBNODE node;
+  int select_all=1,have_uid=0,uid_count=0;
+
+  if(uids)
+    select_all=!count_selected_uids(keyblock);
+
+  /* TODO: if we ever start behaving differently with a primary or
+     non-primary attribute ID, we will need to check for attributes
+     here as well. */
+
+  for(node=keyblock; node; node = node->next)
+    {
+      if(node->pkt->pkttype==PKT_USER_ID
+	 && node->pkt->pkt.user_id->attrib_data==NULL)
+	{
+	  uid_count++;
+
+	  if((select_all || (node->flag & NODFLG_SELUID))
+	     && node->pkt->pkt.user_id->is_primary==2)
+	    have_uid|=2;
+	  else
+	    have_uid|=1;
+	}
+    }
+
+  if(uid_count>1 && have_uid&1 && !(have_uid&2))
+    log_info(_("WARNING: no user ID has been marked as primary.  This command "
+	       "may\n              cause a different user ID to become the assumed primary.\n"));
+}
 
 /****************
  * Ask for a new user id, do the selfsignature and put it into
@@ -2530,6 +2564,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
 	mainkey=1;
     }
 
+    no_primary_warning(pub_keyblock,0);
+
     expiredate = ask_expiredate();
     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
     sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
@@ -2779,6 +2815,8 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
     int selected, select_all;
     int modified = 0;
 
+    no_primary_warning(pub_keyblock,1);
+
     select_all = !count_selected_uids (pub_keyblock);
 
     node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );

g10/keylist.c

@@ -187,8 +187,11 @@ list_all( int secret )
             log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
             goto leave;
         }
+	if(!opt.with_colons)
+	  {
 	    resname = keydb_get_resource_name (hd);
-	if (lastresname != resname ) {
+	    if (lastresname != resname )
+	      {
 		int i;
 
 		printf("%s\n", resname );
@@ -197,6 +200,7 @@ list_all( int secret )
 		putchar('\n');
 		lastresname = resname;
 	      }
+	  }
         merge_keys_and_selfsig( keyblock );
 	list_keyblock( keyblock, secret, opt.fingerprint,
 		       opt.check_sigs?&stats:NULL);
@@ -222,7 +226,7 @@ list_one( STRLIST names, int secret )
     KBNODE keyblock = NULL;
     GETKEY_CTX ctx;
     const char *resname;
-    char *keyring_str = N_("Keyring");
+    char *keyring_str = _("Keyring");
     int i;
     struct sig_stats stats;
 
@@ -245,7 +249,7 @@ list_one( STRLIST names, int secret )
 	    return;
 	}
 	do {
-	    if (opt.show_keyring) {
+	    if (opt.show_keyring && !opt.with_colons) {
 		resname = keydb_get_resource_name (get_ctx_handle(ctx));
 		printf("%s: %s\n", keyring_str, resname);
 		for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
@@ -265,7 +269,7 @@ list_one( STRLIST names, int secret )
 	    return;
 	}
 	do {
-	    if (opt.show_keyring) {
+	  if (opt.show_keyring && !opt.with_colons) {
 		resname = keydb_get_resource_name (get_ctx_handle(ctx));
 		printf("%s: %s\n", keyring_str, resname);
 		for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )

g10/mainproc.c

@@ -1615,10 +1615,30 @@ proc_tree( CTX c, KBNODE node )
     }
     else if( node->pkt->pkttype == PKT_SIGNATURE ) {
 	PKT_signature *sig = node->pkt->pkt.signature;
+	int multiple_ok=1;
 
-	if(find_next_kbnode(node, PKT_SIGNATURE))
+	n1=find_next_kbnode(node, PKT_SIGNATURE);
+	if(n1)
+	  {
+	    byte class=sig->sig_class;
+	    byte hash=sig->digest_algo;
+
+	    for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
+	      {
+		/* We can't currently handle multiple signatures of
+		   different classes or digests (we'd pretty much have
+		   to run a different hash context for each), but if
+		   they are all the same, make an exception. */
+		if(n1->pkt->pkt.signature->sig_class!=class
+		   || n1->pkt->pkt.signature->digest_algo!=hash)
+		  {
+		    multiple_ok=0;
 		    log_info(_("WARNING: multiple signatures detected.  "
 			       "Only the first will be checked.\n"));
+		    break;
+		  }
+	      }
+	  }
 
 	if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
 	    log_info(_("standalone signature of class 0x%02x\n"),
@@ -1680,6 +1700,10 @@ proc_tree( CTX c, KBNODE node )
 	else if (!opt.quiet)
 	    log_info(_("old style (PGP 2.x) signature\n"));
 
+	if(multiple_ok)
+	  for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) )
+	    check_sig_and_print( c, n1 );
+	else
 	  check_sig_and_print( c, node );
     }
     else {

g10/packet.h

@@ -168,7 +168,7 @@ typedef struct {
     u32 help_key_expire;
     int help_full_count;
     int help_marginal_count;
-    int is_primary;
+    int is_primary;       /* 2 if set via the primary flag, 1 if calculated */
     int is_revoked;
     int is_expired;
     u32 expiredate;       /* expires at this date or 0 if not at all */

g10/sig-check.c

@@ -575,7 +575,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	}
 	else {
             if (opt.verbose)
-                log_info ("key %08lX: no subkey for subkey binding packet\n",
+                log_info(_("key %08lX: no subkey for subkey "
+			   "binding signature\n"),
 			 (ulong)keyid_from_pk (pk, NULL));
 	    rc = G10ERR_SIG_CLASS;
 	}