[git] GnuPG - branch, master, updated. gnupg-2.1.16-52-g41b3d09
by Werner Koch
cvs at cvs.gnupg.org
Mon Dec 5 11:03:43 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d (commit)
from fae4d06b0ccaa9803e0c0da56c327b0bcfffcac5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Dec 5 10:58:39 2016 +0100
gpg: New option --quick-set-expire.
* g10/gpg.c (aQuickSetExpire): New.
(opts): New option --quick-set-expire.
(main): Implement option.
* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
NEWEXPIRATION. Change semantics of the return value. Change caller.
(keyedit_quick_set_expire): New.
--
This patch partly solves
GnuPG-bug-id: 2701
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b01d0a3..9d51dcb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -632,6 +632,12 @@ supplied passphrase is used for the new key and the agent does not ask
for it. To create a key without any protection @code{--passphrase ''}
may be used.
+ at item --quick-set-expire @code{fpr} @code{expire}
+ at opindex quick-set-expire
+Directly set the expiration time of the primary key to @code{expire}.
+To remove the expiration time @code{0} can be used.
+
+
@item --quick-addkey @code{fpr} [@code{algo} [@code{usage} [@code{expire}]]]
@opindex quick-addkey
Directly add a subkey to the key identified by the fingerprint
diff --git a/g10/export.c b/g10/export.c
index 6a5597c..ad42b41 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1144,9 +1144,9 @@ print_status_exported (PKT_public_key *pk)
/*
* Receive a secret key from agent specified by HEXGRIP.
*
- * Since the key data from agant is encrypted, decrypt it by CIPHERHD.
- * Then, parse the decrypted key data in transfer format, and put
- * secret parameters into PK.
+ * Since the key data from the agent is encrypted, decrypt it using
+ * CIPHERHD context. Then, parse the decrypted key data into transfer
+ * format, and put secret parameters into PK.
*
* If CLEARTEXT is 0, store the secret key material
* passphrase-protected. Otherwise, store secret key material in the
diff --git a/g10/gpg.c b/g10/gpg.c
index 7cf51f2..2deb27a 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -123,6 +123,7 @@ enum cmd_and_opt_values
aQuickAddUid,
aQuickAddKey,
aQuickRevUid,
+ aQuickSetExpire,
aListConfig,
aListGcryptConfig,
aGPGConfList,
@@ -448,6 +449,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
ARGPARSE_c (aQuickRevUid, "quick-revuid",
N_("quickly revoke a user-id")),
+ ARGPARSE_c (aQuickSetExpire, "quick-set-expire",
+ N_("quickly set a new expiration date")),
ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
@@ -2549,6 +2552,7 @@ main (int argc, char **argv)
case aQuickAddUid:
case aQuickAddKey:
case aQuickRevUid:
+ case aQuickSetExpire:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
@@ -4384,6 +4388,18 @@ main (int argc, char **argv)
}
break;
+ case aQuickSetExpire:
+ {
+ const char *x_fpr, *x_expire;
+
+ if (argc != 2)
+ wrong_args ("--quick-set-exipre FINGERPRINT EXPIRE");
+ x_fpr = *argv++; argc--;
+ x_expire = *argv++; argc--;
+ keyedit_quick_set_expire (ctrl, x_fpr, x_expire);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST;
case aImport:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 94fa8c4..dadf586 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -69,7 +69,8 @@ static int menu_delsig (KBNODE pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only);
static void menu_delkey (KBNODE pub_keyblock);
static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
-static int menu_expire (KBNODE pub_keyblock);
+static gpg_error_t menu_expire (kbnode_t pub_keyblock,
+ int force_mainkey, u32 newexpiration);
static int menu_changeusage (kbnode_t keyblock);
static int menu_backsign (KBNODE pub_keyblock);
static int menu_set_primary_uid (KBNODE pub_keyblock);
@@ -2599,7 +2600,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
case cmdEXPIRE:
- if (menu_expire (keyblock))
+ if (gpg_err_code (menu_expire (keyblock, 0, 0)) == GPG_ERR_TRUE)
{
merge_keys_and_selfsig (keyblock);
run_subkey_warnings = 1;
@@ -3342,6 +3343,86 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
}
+/* Unattended expiration setting function for the main key.
+ *
+ */
+void
+keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
+{
+ gpg_error_t err;
+ kbnode_t keyblock;
+ KEYDB_HANDLE kdbhd;
+ int modified = 0;
+ PKT_public_key *pk;
+ u32 expire;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale (ctrl);
+#endif
+
+ /* We require a fingerprint because only this uniquely identifies a
+ * key and may thus be used to select a key for unattended
+ * expiration setting. */
+ err = find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd);
+ if (err)
+ goto leave;
+
+ if (fix_keyblock (&keyblock))
+ modified++;
+
+ pk = keyblock->pkt->pkt.public_key;
+ if (pk->flags.revoked)
+ {
+ if (!opt.verbose)
+ show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
+ log_error ("%s%s", _("Key is revoked."), "\n");
+ err = gpg_error (GPG_ERR_CERT_REVOKED);
+ goto leave;
+ }
+
+
+ expire = parse_expire_string (expirestr);
+ if (expire == (u32)-1 )
+ {
+ log_error (_("'%s' is not a valid expiration time\n"), expirestr);
+ err = gpg_error (GPG_ERR_INV_VALUE);
+ goto leave;
+ }
+ if (expire)
+ expire += make_timestamp ();
+
+ /* Set the new expiration date. */
+ err = menu_expire (keyblock, 1, expire);
+ if (gpg_err_code (err) == GPG_ERR_TRUE)
+ modified = 1;
+ else if (err)
+ goto leave;
+ es_fflush (es_stdout);
+
+ /* Store. */
+ if (modified)
+ {
+ err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ if (update_trust)
+ revalidation_mark ();
+ }
+ else
+ log_info (_("Key not changed so no update needed.\n"));
+
+ leave:
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+ if (err)
+ write_status_error ("set_expire", err);
+}
+
+
static void
tty_print_notations (int indent, PKT_signature * sig)
@@ -4736,36 +4817,50 @@ fail:
}
-static int
-menu_expire (KBNODE pub_keyblock)
+/* With FORCE_MAINKEY cleared this function handles the interactive
+ * menu option "expire". With FORCE_MAINKEY set this functions only
+ * sets the expiration date of the primary key to NEWEXPIRATION and
+ * avoid all interactivity. Retirns 0 if nothing was done,
+ * GPG_ERR_TRUE if the key was modified, or any other error code. */
+static gpg_error_t
+menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
{
- int n1, signumber, rc;
+ int signumber, rc;
u32 expiredate;
int mainkey = 0;
PKT_public_key *main_pk, *sub_pk;
PKT_user_id *uid;
- KBNODE node;
+ kbnode_t node;
u32 keyid[2];
- n1 = count_selected_keys (pub_keyblock);
- if (n1 > 1)
+ if (force_mainkey)
{
- if (!cpr_get_answer_is_yes
- ("keyedit.expire_multiple_subkeys.okay",
- _("Are you sure you want to change the"
- " expiration time for multiple subkeys? (y/N) ")))
- return 0;
+ mainkey = 1;
+ expiredate = newexpiration;
}
- else if (n1)
- tty_printf (_("Changing expiration time for a subkey.\n"));
else
{
- tty_printf (_("Changing expiration time for the primary key.\n"));
- mainkey = 1;
- no_primary_warning (pub_keyblock);
+ int n1 = count_selected_keys (pub_keyblock);
+ if (n1 > 1)
+ {
+ if (!cpr_get_answer_is_yes
+ ("keyedit.expire_multiple_subkeys.okay",
+ _("Are you sure you want to change the"
+ " expiration time for multiple subkeys? (y/N) ")))
+ return gpg_error (GPG_ERR_CANCELED);;
+ }
+ else if (n1)
+ tty_printf (_("Changing expiration time for a subkey.\n"));
+ else
+ {
+ tty_printf (_("Changing expiration time for the primary key.\n"));
+ mainkey = 1;
+ no_primary_warning (pub_keyblock);
+ }
+
+ expiredate = ask_expiredate ();
}
- expiredate = ask_expiredate ();
/* Now we can actually change the self-signature(s) */
main_pk = sub_pk = NULL;
@@ -4781,7 +4876,7 @@ menu_expire (KBNODE pub_keyblock)
}
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
- if (node->flag & NODFLG_SELKEY)
+ if ((node->flag & NODFLG_SELKEY) && !force_mainkey)
{
sub_pk = node->pkt->pkt.public_key;
sub_pk->expiredate = expiredate;
@@ -4795,6 +4890,7 @@ menu_expire (KBNODE pub_keyblock)
&& (mainkey || sub_pk))
{
PKT_signature *sig = node->pkt->pkt.signature;
+
if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& ((mainkey && uid
&& uid->created && (sig->sig_class & ~3) == 0x10)
@@ -4812,7 +4908,7 @@ menu_expire (KBNODE pub_keyblock)
{
log_info
(_("You can't change the expiration date of a v3 key\n"));
- return 0;
+ return gpg_error (GPG_ERR_LEGACY_KEY);
}
if (mainkey)
@@ -4827,7 +4923,9 @@ menu_expire (KBNODE pub_keyblock)
{
log_error ("make_keysig_packet failed: %s\n",
gpg_strerror (rc));
- return 0;
+ if (gpg_err_code (rc) == GPG_ERR_TRUE)
+ rc = GPG_ERR_GENERAL;
+ return rc;
}
/* Replace the packet. */
@@ -4843,7 +4941,7 @@ menu_expire (KBNODE pub_keyblock)
}
update_trust = 1;
- return 1;
+ return gpg_error (GPG_ERR_TRUE);
}
diff --git a/g10/main.h b/g10/main.h
index 63aec47..1822ee4 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -295,6 +295,8 @@ void keyedit_quick_revuid (ctrl_t ctrl, const char *username,
const char *uidtorev);
void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,
strlist_t uids, strlist_t locusr, int local);
+void keyedit_quick_set_expire (ctrl_t ctrl,
+ const char *fpr, const char *expirestr);
void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 6 +++
g10/export.c | 6 +--
g10/gpg.c | 16 +++++++
g10/keyedit.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++----------
g10/main.h | 2 +
5 files changed, 148 insertions(+), 26 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list