[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-14-g42d2474

by Werner Koch cvs at cvs.gnupg.org
Wed Nov 12 10:48:23 CET 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-1-4 has been updated
       via  42d2474a02aa46e6fecf0e35c067aa0b6481ffbe (commit)
      from  65c05f5c18d4331d6f1a5de98b4c6af27bc1aed8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 42d2474a02aa46e6fecf0e35c067aa0b6481ffbe
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Nov 12 09:56:40 2014 +0100

    gpg: Add import option "keep-ownertrust".
    
    * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
    * g10/import.c (parse_import_options): Add "keep-ownertrust".
    (import_one): Act upon new option.
    --
    
    This option is in particular useful to convert from a pubring.gpg to
    the new pubring.kbx in GnuPG 2.1 or vice versa:
    
    gpg1 --export | gpg2 --import-options keep-ownertrust --import
    
    (cherry-picked from commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index b1a27fb..728f314 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1885,6 +1885,15 @@ opposite meaning. The options are:
   generally useful unless a shared keyring scheme is being used.
   Defaults to no.
 
+  @item import-keep-ownertrust
+  Normally possible still existing ownertrust values of a key are
+  cleared if a key is imported.  This is in general desirable so that
+  a formerly deleted key does not automatically gain an ownertrust
+  values merely due to import.  On the other hand it is sometimes
+  necessary to re-import a trusted set of keys again but keeping
+  already assigned ownertrust values.  This can be achived by using
+  this option.
+
   @item repair-pks-subkey-bug
   During import, attempt to repair the damage caused by the PKS keyserver
   bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
diff --git a/g10/import.c b/g10/import.c
index 2baa298..c9df368 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -95,18 +95,28 @@ parse_import_options(char *str,unsigned int *options,int noisy)
     {
       {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
        N_("import signatures that are marked as local-only")},
+
       {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
        N_("repair damage from the pks keyserver during import")},
+
+      {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
+       N_("do not clear the ownertrust values during import")},
+
       {"fast-import",IMPORT_FAST,NULL,
        N_("do not update the trustdb after import")},
+
       {"convert-sk-to-pk",IMPORT_SK2PK,NULL,
        N_("create a public key when importing a secret key")},
+
       {"merge-only",IMPORT_MERGE_ONLY,NULL,
        N_("only accept updates to existing keys")},
+
       {"import-clean",IMPORT_CLEAN,NULL,
        N_("remove unusable parts from key after import")},
+
       {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
        N_("remove as much as possible from key after import")},
+
       /* Aliases for backward compatibility */
       {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
       {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@@ -881,12 +891,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
         if (rc)
 	   log_error (_("error writing keyring `%s': %s\n"),
 		       keydb_get_resource_name (hd), g10_errstr(rc));
-	else
+	else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
 	  {
 	    /* This should not be possible since we delete the
 	       ownertrust when a key is deleted, but it can happen if
 	       the keyring and trustdb are out of sync.  It can also
-	       be made to happen with the trusted-key command. */
+	       be made to happen with the trusted-key command and by
+	       importing and locally exported key. */
 
 	    clear_ownertrusts (pk);
 	    if(non_self)
diff --git a/g10/options.h b/g10/options.h
index 670cf64..dad5980 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -299,6 +299,7 @@ struct {
 #define IMPORT_MINIMAL                   (1<<5)
 #define IMPORT_CLEAN                     (1<<6)
 #define IMPORT_NO_SECKEY                 (1<<7)
+#define IMPORT_KEEP_OWNERTTRUST          (1<<8)
 
 #define EXPORT_LOCAL_SIGS                (1<<0)
 #define EXPORT_ATTRIBUTES                (1<<1)

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi  |    9 +++++++++
 g10/import.c  |   15 +++++++++++++--
 g10/options.h |    1 +
 3 files changed, 23 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list