Pedro Monreal Gonzalez
0b19f2992d
- GnuPG 2.3.1:
* The new configuration file common.conf is now used to enable
the use of the key database daemon with "use-keyboxd". Using
this option in gpg.conf and gpgsm.conf is supported for a
transitional period. See doc/example/common.conf for more.
* gpg: Force version 5 key creation for ed448 and cv448 algorithms.
* gpg: By default do not use the self-sigs-only option when
importing from an LDAP keyserver.
* gpg: Lookup a missing public key of the active card via LDAP.
* gpgsm: New command --show-certs.
* scd: Fix CCID driver for SCM SPR332/SPR532.
* scd: Further improvements for PKCS#15 cards.
* New configure option --with-tss to allow the selection of the
TSS library.
- Rebase patches:
* gnupg-add_legacy_FIPS_mode_option.patch
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-dont-fail-with-seahorse-agent.patch
* gnupg-set_umask_before_open_outfile.patch
- GnuPG 2.3.0:
* A new experimental key database daemon is provided. To enable
it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of
supported smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for
its old location at libexec is also installed.
OBS-URL: https://build.opensuse.org/request/show/899451
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=267
110 lines
3.3 KiB
Diff
110 lines
3.3 KiB
Diff
From a1db83d8a3308277f01b96833c13693bd7e13ff9 Mon Sep 17 00:00:00 2001
|
|
From: Vincent Breitmoser <look@my.amazin.horse>
|
|
Date: Thu, 13 Jun 2019 21:27:42 +0200
|
|
Subject: [PATCH] gpg: allow import of previously known keys, even without UIDs
|
|
|
|
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
|
|
has no user id, as long as we already have a local variant of the cert
|
|
that matches the primary key.
|
|
|
|
--
|
|
|
|
This fixes two of the three broken tests in import-incomplete.scm.
|
|
|
|
GnuPG-Bug-id: 4393
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
---
|
|
g10/import.c | 49 +++++++++++--------------------------------------
|
|
1 file changed, 11 insertions(+), 38 deletions(-)
|
|
|
|
Index: gnupg-2.3.0/g10/import.c
|
|
===================================================================
|
|
--- gnupg-2.3.0.orig/g10/import.c
|
|
+++ gnupg-2.3.0/g10/import.c
|
|
@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
|
|
size_t an;
|
|
char pkstrbuf[PUBKEY_STRING_SIZE];
|
|
int merge_keys_done = 0;
|
|
- int any_filter = 0;
|
|
KEYDB_HANDLE hd = NULL;
|
|
|
|
if (r_valid)
|
|
@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
|
|
log_printf ("\n");
|
|
}
|
|
|
|
-
|
|
- if (!uidnode)
|
|
- {
|
|
- if (!silent)
|
|
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
|
- return 0;
|
|
- }
|
|
-
|
|
if (screener && screener (keyblock, screener_arg))
|
|
{
|
|
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
|
|
@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
|
|
xfree(user);
|
|
}
|
|
}
|
|
-
|
|
- /* Delete invalid parts and bail out if there are no user ids left. */
|
|
- if (!delete_inv_parts (ctrl, keyblock, keyid, options))
|
|
- {
|
|
- if (!silent)
|
|
- {
|
|
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
|
|
- if (!opt.quiet)
|
|
- log_info(_("this may be caused by a missing self-signature\n"));
|
|
- }
|
|
- stats->no_user_id++;
|
|
- return 0;
|
|
- }
|
|
+ /* Delete invalid parts, and note if we have any valid ones left.
|
|
+ * We will later abort import if this key is new but contains
|
|
+ * no valid uids. */
|
|
+ delete_inv_parts (ctrl, keyblock, keyid, options);
|
|
|
|
/* Get rid of deleted nodes. */
|
|
commit_kbnode (&keyblock);
|
|
@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
|
|
{
|
|
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
|
|
commit_kbnode (&keyblock);
|
|
- any_filter = 1;
|
|
}
|
|
if (import_filter.drop_sig)
|
|
{
|
|
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
|
|
commit_kbnode (&keyblock);
|
|
- any_filter = 1;
|
|
- }
|
|
-
|
|
- /* If we ran any filter we need to check that at least one user id
|
|
- * is left in the keyring. Note that we do not use log_error in
|
|
- * this case. */
|
|
- if (any_filter && !any_uid_left (keyblock))
|
|
- {
|
|
- if (!opt.quiet )
|
|
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
|
|
- stats->no_user_id++;
|
|
- return 0;
|
|
}
|
|
|
|
/* The keyblock is valid and ready for real import. */
|
|
@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
|
|
err = 0;
|
|
stats->skipped_new_keys++;
|
|
}
|
|
+ else if (err && !any_uid_left (keyblock))
|
|
+ {
|
|
+ if (!silent)
|
|
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
|
|
+ err = 0;
|
|
+ stats->no_user_id++;
|
|
+ }
|
|
else if (err) /* Insert this key. */
|
|
{
|
|
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
|