diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch')
-rw-r--r-- | nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch b/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 000000000000..8d4f703a3dd1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/24-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,107 @@ +From: Vincent Breitmoser <look@my.amazin.horse> +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + + +diff --git a/g10/import.c b/g10/import.c +index 9fab46ca6..61896a6bf 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1992,13 +1991,6 @@ import_one_real (ctrl_t ctrl, + } + + +- if (!uidnode) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -2078,18 +2070,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- { +- if (!silent) +- { +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -2099,24 +2083,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2174,6 +2145,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ |