mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-25 03:17:13 +00:00
7cc68a961d
This adds a patch series which allows GnuPG to import updates (revocations and subkeys) from certificates that contain no user ids. This is relevant for refreshing keys from the default keyserver keys.openpgp.org, where only user ids that contain verified email addresses will be distributed, and revoked keys never contain any user ids. This patch series was originally authored and submitted to upstream half a year ago (by me), but now comes from Debian packaging where it's been included since then. Relates to the following upstream issue: https://dev.gnupg.org/T4393
107 lines
3.1 KiB
Diff
107 lines
3.1 KiB
Diff
From: Vincent Breitmoser <look@my.amazin.horse>
|
|
Date: Thu, 13 Jun 2019 21:27:42 +0200
|
|
Subject: gpg: allow import of previously known keys, even without UIDs
|
|
|
|
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
|
|
has no user id, as long as we already have a local variant of the cert
|
|
that matches the primary key.
|
|
|
|
--
|
|
|
|
This fixes two of the three broken tests in import-incomplete.scm.
|
|
|
|
GnuPG-Bug-id: 4393
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
---
|
|
g10/import.c | 44 +++++++++++---------------------------------
|
|
1 file changed, 11 insertions(+), 33 deletions(-)
|
|
|
|
diff --git a/g10/import.c b/g10/import.c
|
|
index 95d419a..4fdf248 100644
|
|
--- a/g10/import.c
|
|
+++ b/g10/import.c
|
|
@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl,
|
|
size_t an;
|
|
char pkstrbuf[PUBKEY_STRING_SIZE];
|
|
int merge_keys_done = 0;
|
|
- int any_filter = 0;
|
|
KEYDB_HANDLE hd = NULL;
|
|
|
|
if (r_valid)
|
|
@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl,
|
|
log_printf ("\n");
|
|
}
|
|
|
|
-
|
|
- if (!uidnode )
|
|
- {
|
|
- if (!silent)
|
|
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
|
- return 0;
|
|
- }
|
|
-
|
|
if (screener && screener (keyblock, screener_arg))
|
|
{
|
|
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
|
|
@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl,
|
|
}
|
|
}
|
|
|
|
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
|
|
- {
|
|
- if (!silent)
|
|
- {
|
|
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
|
|
- if (!opt.quiet )
|
|
- log_info(_("this may be caused by a missing self-signature\n"));
|
|
- }
|
|
- stats->no_user_id++;
|
|
- return 0;
|
|
- }
|
|
+ /* Delete invalid parts, and note if we have any valid ones left.
|
|
+ * We will later abort import if this key is new but contains
|
|
+ * no valid uids. */
|
|
+ delete_inv_parts (ctrl, keyblock, keyid, options);
|
|
|
|
/* Get rid of deleted nodes. */
|
|
commit_kbnode (&keyblock);
|
|
@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl,
|
|
{
|
|
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
|
|
commit_kbnode (&keyblock);
|
|
- any_filter = 1;
|
|
}
|
|
if (import_filter.drop_sig)
|
|
{
|
|
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
|
|
commit_kbnode (&keyblock);
|
|
- any_filter = 1;
|
|
- }
|
|
-
|
|
- /* If we ran any filter we need to check that at least one user id
|
|
- * is left in the keyring. Note that we do not use log_error in
|
|
- * this case. */
|
|
- if (any_filter && !any_uid_left (keyblock))
|
|
- {
|
|
- if (!opt.quiet )
|
|
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
|
|
- stats->no_user_id++;
|
|
- return 0;
|
|
}
|
|
|
|
/* The keyblock is valid and ready for real import. */
|
|
@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl,
|
|
err = 0;
|
|
stats->skipped_new_keys++;
|
|
}
|
|
+ else if (err && !any_uid_left (keyblock))
|
|
+ {
|
|
+ if (!silent)
|
|
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
|
|
+ err = 0;
|
|
+ stats->no_user_id++;
|
|
+ }
|
|
else if (err) /* Insert this key. */
|
|
{
|
|
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
|