[git] GnuPG - branch, master, updated. gnupg-2.1.10-26-ge573e61
by Neal H. Walfield
cvs at cvs.gnupg.org
Mon Dec 14 13:06:10 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via e573e6188dada4d70f6897aa2fda3c3af8c50441 (commit)
from d40975cbe8ff86fcc4a1b4963fdffc66ddee85ce (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e573e6188dada4d70f6897aa2fda3c3af8c50441
Author: Neal H. Walfield <neal at g10code.com>
Date: Mon Dec 14 12:05:29 2015 +0100
gpg: Fix --default-key checks.
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was a least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Regression-due-to: e16d7168
diff --git a/g10/getkey.c b/g10/getkey.c
index b09d967..16986cb 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1168,6 +1168,7 @@ parse_def_secret_key (ctrl_t ctrl)
gpg_error_t err;
KEYDB_SEARCH_DESC desc;
KBNODE kb;
+ KBNODE node;
err = classify_user_id (t->d, &desc, 1);
if (err)
@@ -1208,16 +1209,71 @@ parse_def_secret_key (ctrl_t ctrl)
continue;
}
- err = agent_probe_secret_key (ctrl, kb->pkt->pkt.public_key);
+ merge_selfsigs (kb);
+
+ err = gpg_error (GPG_ERR_NO_SECKEY);
+ node = kb;
+ do
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
+
+ /* Check that the key has the signing capability. */
+ if (! (pk->pubkey_usage & PUBKEY_USAGE_SIG))
+ continue;
+
+ /* Check if the key is valid. */
+ if (pk->flags.revoked)
+ {
+ if (DBG_LOOKUP)
+ log_debug (_("not using %s as default key, %s"), "revoked");
+ continue;
+ }
+ if (pk->has_expired)
+ {
+ if (DBG_LOOKUP)
+ log_debug (_("not using %s as default key, %s"), "expired");
+ continue;
+ }
+ if (pk_is_disabled (pk))
+ {
+ if (DBG_LOOKUP)
+ log_debug (_("not using %s as default key, %s"), "disabled");
+ continue;
+ }
+
+ err = agent_probe_secret_key (ctrl, pk);
+ if (! err)
+ /* This is a valid key. */
+ break;
+ }
+ while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
+
release_kbnode (kb);
- if (! err)
+ if (err)
+ {
+ if (! warned && ! opt.quiet)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_SECKEY)
+ log_info (_("Warning: not using '%s' as default key: %s.\n"),
+ t->d, gpg_strerror (err));
+ else
+ log_info (_("Warning: not using '%s' as default key: no secret key available: %s\n"),
+ t->d, gpg_strerror (err));
+ }
+ }
+ else
{
if (! warned)
- log_info (_("using \"%s\" as default secret key\n"), t->d);
+ log_info (_("using \"%s\" as default secret key for signing\n"),
+ t->d);
break;
}
}
+ if (! warned && opt.def_secret_key && ! t)
+ log_info (_("all values passed to '%s' ignored.\n"),
+ "--default-key");
+
warned = 1;
if (hd)
-----------------------------------------------------------------------
Summary of changes:
g10/getkey.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 59 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list