From ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 12 Nov 2014 09:56:40 +0100
Subject: [PATCH] gpg: Add import options "keep-ownertrust". * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import
---
doc/gpg.texi | 9 +++++++++
g10/import.c | 14 ++++++++++++--
g10/options.h | 1 +
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 1154cd913..499df8770 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1991,6 +1991,15 @@ opposite meaning. The options are: generally useful unless a shared keyring scheme is being used. Defaults to no. + @item import-keep-ownertrust + Normally possible still existing ownertrust values of a key are + cleared if a key is imported. This is in general desirable so that + a formerly deleted key does not automatically gain an ownertrust + values merely due to import. On the other hand it is sometimes + necessary to re-import a trusted set of keys again but keeping + already assigned ownertrust values. This can be achived by using + this option. + @item repair-pks-subkey-bug During import, attempt to repair the damage caused by the PKS keyserver bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
diff --git a/g10/import.c b/g10/import.c
index 16e2b0b4b..6439fd0a9 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -100,16 +100,25 @@ parse_import_options(char *str,unsigned int *options,int noisy) { {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL, N_("import signatures that are marked as local-only")}, + {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL, N_("repair damage from the pks keyserver during import")}, + + {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL, + N_("do not clear the ownertrust values during import")}, + {"fast-import",IMPORT_FAST,NULL, N_("do not update the trustdb after import")}, + {"merge-only",IMPORT_MERGE_ONLY,NULL, N_("only accept updates to existing keys")}, + {"import-clean",IMPORT_CLEAN,NULL, N_("remove unusable parts from key after import")}, + {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, N_("remove as much as possible from key after import")}, + /* Aliases for backward compatibility */ {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL}, {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@@ -989,12 +998,13 @@ import_one (ctrl_t ctrl, if (rc) log_error (_("error writing keyring '%s': %s\n"), keydb_get_resource_name (hd), g10_errstr(rc)); - else + else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) { /* This should not be possible since we delete the ownertrust when a key is deleted, but it can happen if the keyring and trustdb are out of sync. It can also - be made to happen with the trusted-key command. */ + be made to happen with the trusted-key command and by + importing and locally exported key. */ clear_ownertrusts (pk); if(non_self)
diff --git a/g10/options.h b/g10/options.h
index 0875eb529..95d165157 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -324,6 +324,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define IMPORT_MINIMAL (1<<5) #define IMPORT_CLEAN (1<<6) #define IMPORT_NO_SECKEY (1<<7) +#define IMPORT_KEEP_OWNERTTRUST (1<<8) #define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_ATTRIBUTES (1<<1)
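Review bot: The name registered in the option table is `"keep-ownertrust"`, but the gpg.texi hunk of this same patch documents the option as `@item import-keep-ownertrust`, while the commit message uses `--import-options keep-ownertrust`. A user who follows the manual would pass a name this table does not list, so either the doc entry should read `@item keep-ownertrust` or an alias `{"import-keep-ownertrust",IMPORT_KEEP_OWNERTTRUST,NULL,NULL},` should go under the "Aliases for backward compatibility" comment. Because the flag leaves existing trust values attached to whatever key material is imported, it is also worth confirming that every caller of parse_import_options (not visible in this hunk) is a place where enabling it is intended.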
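Review bot: The new `else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))` in import_one gates the whole block, not only `clear_ownertrusts (pk);`, so the `if(non_self)` statement that closes the hunk is skipped as well whenever the option is set. The body of that `if` lies outside the hunk; if it marks the trustdb for revalidation, a newly written key would no longer trigger it, and that should either be stated in the comment as intended or the guard narrowed to `if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) clear_ownertrusts (pk);` inside the original `else`. The block comment already says a stale ownertrust entry can exist when keyring and trustdb are out of sync, so with the option active the imported key silently inherits it; a `log_info` line when a value is kept would make that auditable. The added comment text "importing and locally exported key" presumably means "importing a locally exported key".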
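Review bot: `IMPORT_KEEP_OWNERTTRUST` in the options.h hunk is spelled with a doubled T, and the option table and import_one hunks repeat that spelling. It builds because all three uses agree, but a later search or new call site written as IMPORT_KEEP_OWNERTRUST would miss this flag; renaming now to `#define IMPORT_KEEP_OWNERTRUST (1<<8)` and updating the two uses in import.c avoids carrying the misspelling forward.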