mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Do not import revocations with --show-keys.
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of IMPORT_DRY_RUN. -- GnuPG-bug-id: 4017 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
8f99299a54
commit
fe621cc64b
20
g10/import.c
20
g10/import.c
@ -113,8 +113,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
|
||||
struct import_stats_s *stats, int batch,
|
||||
unsigned int options, int for_migration,
|
||||
import_screener_t screener, void *screener_arg);
|
||||
static int import_revoke_cert (ctrl_t ctrl,
|
||||
kbnode_t node, struct import_stats_s *stats);
|
||||
static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
|
||||
struct import_stats_s *stats);
|
||||
static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
|
||||
int *non_self);
|
||||
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
|
||||
@ -590,7 +590,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
|
||||
screener, screener_arg);
|
||||
else if (keyblock->pkt->pkttype == PKT_SIGNATURE
|
||||
&& IS_KEY_REV (keyblock->pkt->pkt.signature) )
|
||||
rc = import_revoke_cert (ctrl, keyblock, stats);
|
||||
rc = import_revoke_cert (ctrl, keyblock, options, stats);
|
||||
else
|
||||
{
|
||||
log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
|
||||
@ -2636,7 +2636,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
|
||||
* Import a revocation certificate; this is a single signature packet.
|
||||
*/
|
||||
static int
|
||||
import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
|
||||
import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
|
||||
struct import_stats_s *stats)
|
||||
{
|
||||
PKT_public_key *pk = NULL;
|
||||
kbnode_t onode;
|
||||
@ -2726,7 +2727,9 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
|
||||
/* insert it */
|
||||
insert_kbnode( keyblock, clone_kbnode(node), 0 );
|
||||
|
||||
/* and write the keyblock back */
|
||||
/* and write the keyblock back unless in dry run mode. */
|
||||
if (!(opt.dry_run || (options & IMPORT_DRY_RUN)))
|
||||
{
|
||||
rc = keydb_update_keyblock (ctrl, hd, keyblock );
|
||||
if (rc)
|
||||
log_error (_("error writing keyring '%s': %s\n"),
|
||||
@ -2742,15 +2745,16 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
|
||||
keystr(keyid),p);
|
||||
xfree(p);
|
||||
}
|
||||
stats->n_revoc++;
|
||||
|
||||
/* If the key we just revoked was ultimately trusted, remove its
|
||||
ultimate trust. This doesn't stop the user from putting the
|
||||
ultimate trust back, but is a reasonable solution for now. */
|
||||
* ultimate trust. This doesn't stop the user from putting the
|
||||
* ultimate trust back, but is a reasonable solution for now. */
|
||||
if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
|
||||
clear_ownertrusts (ctrl, pk);
|
||||
|
||||
revalidation_mark (ctrl);
|
||||
}
|
||||
stats->n_revoc++;
|
||||
|
||||
leave:
|
||||
keydb_release (hd);
|
||||
|
Loading…
x
Reference in New Issue
Block a user