mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Do not import revocations with --show-keys.
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of IMPORT_DRY_RUN. -- GnuPG-bug-id: 4017 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
8f99299a54
commit
fe621cc64b
56
g10/import.c
56
g10/import.c
@ -113,8 +113,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
|
|||||||
struct import_stats_s *stats, int batch,
|
struct import_stats_s *stats, int batch,
|
||||||
unsigned int options, int for_migration,
|
unsigned int options, int for_migration,
|
||||||
import_screener_t screener, void *screener_arg);
|
import_screener_t screener, void *screener_arg);
|
||||||
static int import_revoke_cert (ctrl_t ctrl,
|
static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
|
||||||
kbnode_t node, struct import_stats_s *stats);
|
struct import_stats_s *stats);
|
||||||
static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
|
static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
|
||||||
int *non_self);
|
int *non_self);
|
||||||
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
|
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
|
||||||
@ -590,7 +590,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
|
|||||||
screener, screener_arg);
|
screener, screener_arg);
|
||||||
else if (keyblock->pkt->pkttype == PKT_SIGNATURE
|
else if (keyblock->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& IS_KEY_REV (keyblock->pkt->pkt.signature) )
|
&& IS_KEY_REV (keyblock->pkt->pkt.signature) )
|
||||||
rc = import_revoke_cert (ctrl, keyblock, stats);
|
rc = import_revoke_cert (ctrl, keyblock, options, stats);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
|
log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
|
||||||
@ -2636,7 +2636,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
|
|||||||
* Import a revocation certificate; this is a single signature packet.
|
* Import a revocation certificate; this is a single signature packet.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
|
import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
|
||||||
|
struct import_stats_s *stats)
|
||||||
{
|
{
|
||||||
PKT_public_key *pk = NULL;
|
PKT_public_key *pk = NULL;
|
||||||
kbnode_t onode;
|
kbnode_t onode;
|
||||||
@ -2726,32 +2727,35 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
|
|||||||
/* insert it */
|
/* insert it */
|
||||||
insert_kbnode( keyblock, clone_kbnode(node), 0 );
|
insert_kbnode( keyblock, clone_kbnode(node), 0 );
|
||||||
|
|
||||||
/* and write the keyblock back */
|
/* and write the keyblock back unless in dry run mode. */
|
||||||
rc = keydb_update_keyblock (ctrl, hd, keyblock );
|
if (!(opt.dry_run || (options & IMPORT_DRY_RUN)))
|
||||||
if (rc)
|
|
||||||
log_error (_("error writing keyring '%s': %s\n"),
|
|
||||||
keydb_get_resource_name (hd), gpg_strerror (rc) );
|
|
||||||
keydb_release (hd);
|
|
||||||
hd = NULL;
|
|
||||||
|
|
||||||
/* we are ready */
|
|
||||||
if (!opt.quiet )
|
|
||||||
{
|
{
|
||||||
char *p=get_user_id_native (ctrl, keyid);
|
rc = keydb_update_keyblock (ctrl, hd, keyblock );
|
||||||
log_info( _("key %s: \"%s\" revocation certificate imported\n"),
|
if (rc)
|
||||||
keystr(keyid),p);
|
log_error (_("error writing keyring '%s': %s\n"),
|
||||||
xfree(p);
|
keydb_get_resource_name (hd), gpg_strerror (rc) );
|
||||||
|
keydb_release (hd);
|
||||||
|
hd = NULL;
|
||||||
|
|
||||||
|
/* we are ready */
|
||||||
|
if (!opt.quiet )
|
||||||
|
{
|
||||||
|
char *p=get_user_id_native (ctrl, keyid);
|
||||||
|
log_info( _("key %s: \"%s\" revocation certificate imported\n"),
|
||||||
|
keystr(keyid),p);
|
||||||
|
xfree(p);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If the key we just revoked was ultimately trusted, remove its
|
||||||
|
* ultimate trust. This doesn't stop the user from putting the
|
||||||
|
* ultimate trust back, but is a reasonable solution for now. */
|
||||||
|
if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
|
||||||
|
clear_ownertrusts (ctrl, pk);
|
||||||
|
|
||||||
|
revalidation_mark (ctrl);
|
||||||
}
|
}
|
||||||
stats->n_revoc++;
|
stats->n_revoc++;
|
||||||
|
|
||||||
/* If the key we just revoked was ultimately trusted, remove its
|
|
||||||
ultimate trust. This doesn't stop the user from putting the
|
|
||||||
ultimate trust back, but is a reasonable solution for now. */
|
|
||||||
if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
|
|
||||||
clear_ownertrusts (ctrl, pk);
|
|
||||||
|
|
||||||
revalidation_mark (ctrl);
|
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
keydb_release (hd);
|
keydb_release (hd);
|
||||||
release_kbnode( keyblock );
|
release_kbnode( keyblock );
|
||||||
|
Loading…
x
Reference in New Issue
Block a user