1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

gpg: Add import option "keep-ownertrust".

* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import

(cherry-picked from commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39)
This commit is contained in:
Werner Koch 2014-11-12 09:56:40 +01:00
parent eb756e2510
commit da95d0d378
3 changed files with 23 additions and 2 deletions

View File

@ -2039,6 +2039,15 @@ opposite meaning. The options are:
generally useful unless a shared keyring scheme is being used. generally useful unless a shared keyring scheme is being used.
Defaults to no. Defaults to no.
@item import-keep-ownertrust
Normally possible still existing ownertrust values of a key are
cleared if a key is imported. This is in general desirable so that
a formerly deleted key does not automatically gain an ownertrust
values merely due to import. On the other hand it is sometimes
necessary to re-import a trusted set of keys again but keeping
already assigned ownertrust values. This can be achived by using
this option.
@item repair-pks-subkey-bug @item repair-pks-subkey-bug
During import, attempt to repair the damage caused by the PKS keyserver During import, attempt to repair the damage caused by the PKS keyserver
bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note

View File

@ -95,18 +95,28 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{ {
{"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
N_("import signatures that are marked as local-only")}, N_("import signatures that are marked as local-only")},
{"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
N_("repair damage from the pks keyserver during import")}, N_("repair damage from the pks keyserver during import")},
{"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
N_("do not clear the ownertrust values during import")},
{"fast-import",IMPORT_FAST,NULL, {"fast-import",IMPORT_FAST,NULL,
N_("do not update the trustdb after import")}, N_("do not update the trustdb after import")},
{"convert-sk-to-pk",IMPORT_SK2PK,NULL, {"convert-sk-to-pk",IMPORT_SK2PK,NULL,
N_("create a public key when importing a secret key")}, N_("create a public key when importing a secret key")},
{"merge-only",IMPORT_MERGE_ONLY,NULL, {"merge-only",IMPORT_MERGE_ONLY,NULL,
N_("only accept updates to existing keys")}, N_("only accept updates to existing keys")},
{"import-clean",IMPORT_CLEAN,NULL, {"import-clean",IMPORT_CLEAN,NULL,
N_("remove unusable parts from key after import")}, N_("remove unusable parts from key after import")},
{"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
N_("remove as much as possible from key after import")}, N_("remove as much as possible from key after import")},
/* Aliases for backward compatibility */ /* Aliases for backward compatibility */
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@ -890,12 +900,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
if (rc) if (rc)
log_error (_("error writing keyring `%s': %s\n"), log_error (_("error writing keyring `%s': %s\n"),
keydb_get_resource_name (hd), g10_errstr(rc)); keydb_get_resource_name (hd), g10_errstr(rc));
else else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
{ {
/* This should not be possible since we delete the /* This should not be possible since we delete the
ownertrust when a key is deleted, but it can happen if ownertrust when a key is deleted, but it can happen if
the keyring and trustdb are out of sync. It can also the keyring and trustdb are out of sync. It can also
be made to happen with the trusted-key command. */ be made to happen with the trusted-key command and by
importing and locally exported key. */
clear_ownertrusts (pk); clear_ownertrusts (pk);
if(non_self) if(non_self)

View File

@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define IMPORT_MINIMAL (1<<5) #define IMPORT_MINIMAL (1<<5)
#define IMPORT_CLEAN (1<<6) #define IMPORT_CLEAN (1<<6)
#define IMPORT_NO_SECKEY (1<<7) #define IMPORT_NO_SECKEY (1<<7)
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
#define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1) #define EXPORT_ATTRIBUTES (1<<1)