[git] GnuPG - branch, master, updated. gnupg-2.1.14-6-gb7b3771

by Werner Koch cvs at cvs.gnupg.org
Fri Jul 15 17:23:34 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a (commit)
      from  c49c43d7e4229fd9f1bc55e17fa32fdc334dbef6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 15 17:20:43 2016 +0200

    wks: Publish as binary file.
    
    * tools/gpg-wks-server.c (copy_key_as_binary): New.
    (check_and_publish): Use new function instead of rename.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 2ee23d7..2c9cc4f 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -698,7 +698,10 @@ process_confirmation_request (estream_t msg)
     }
   address = value;
   /* FIXME: Check that the "address" matches the User ID we want to
-   * publish.  */
+   * publish.  Also get the "fingerprint" and compare that to our to
+   * be published key.  Further we should make sure that we actually
+   * decrypted using that fingerprint (which is a bit problematic if
+   * --read is used). */
 
   /* Get the sender.  */
   if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index f15085f..e872824 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -506,6 +506,75 @@ list_key (server_ctx_t ctx, estream_t key)
 }
 
 
+/* Take the key in KEYFILE and write it to OUTFILE in binary encoding.
+ * If ADDRSPEC is given only matching user IDs are included in the
+ * output.  */
+static gpg_error_t
+copy_key_as_binary (const char *keyfile, const char *outfile,
+                    const char *addrspec)
+{
+  gpg_error_t err;
+  ccparray_t ccp;
+  const char **argv;
+  char *filterexp = NULL;
+
+  if (addrspec)
+    {
+      filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec);
+      if (!filterexp)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("error allocating memory buffer: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+    }
+
+  ccparray_init (&ccp, 0);
+
+  ccparray_put (&ccp, "--no-options");
+  if (!opt.verbose)
+    ccparray_put (&ccp, "--quiet");
+  else if (opt.verbose > 1)
+    ccparray_put (&ccp, "--verbose");
+  ccparray_put (&ccp, "--batch");
+  ccparray_put (&ccp, "--yes");
+  ccparray_put (&ccp, "--always-trust");
+  ccparray_put (&ccp, "--no-keyring");
+  ccparray_put (&ccp, "--output");
+  ccparray_put (&ccp, outfile);
+  ccparray_put (&ccp, "--import-options=import-export");
+  if (filterexp)
+    {
+      ccparray_put (&ccp, "--import-filter");
+      ccparray_put (&ccp, filterexp);
+    }
+  ccparray_put (&ccp, "--import");
+  ccparray_put (&ccp, "--");
+  ccparray_put (&ccp, keyfile);
+
+  ccparray_put (&ccp, NULL);
+  argv = ccparray_get (&ccp, NULL);
+  if (!argv)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL,
+                                NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      log_error ("%s failed: %s\n", __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  xfree (filterexp);
+  xfree (argv);
+  return err;
+}
+
+
 /* Take the key in KEYFILE and write it to DANEFILE using the DANE
  * output format. */
 static gpg_error_t
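Review bot: `argv` is declared without an initializer in `copy_key_as_binary`, yet the early `goto leave` taken when `es_bsprintf` fails reaches `xfree (argv)` before `argv` has been assigned, so that cleanup path frees an indeterminate pointer. Declaring it as `const char **argv = NULL;` makes every path to `leave` safe. Separately, ADDRSPEC is pasted unmodified into the `keep-uid=mbox = %s` filter expression. It travels as a single argv element, so no shell is involved, but a value containing filter syntax could presumably change which user IDs are kept. Either validate it as a plain addr-spec here or add a comment stating that the caller guarantees it.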
@@ -1091,10 +1160,11 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
     }
 
   /* Publish.  */
-  if (rename (fname, fnewname))
+  err = copy_key_as_binary (fname, fnewname, address);
+  if (err)
     {
       err = gpg_error_from_syserror ();
-      log_error ("renaming '%s' to '%s' failed: %s\n",
+      log_error ("copying '%s' to '%s' failed: %s\n",
                  fname, fnewname, gpg_strerror (err));
       goto leave;
     }
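Review bot: The error code returned by `copy_key_as_binary` is overwritten on the next line by `err = gpg_error_from_syserror ();`, a leftover from the `rename` call, so the log message and the value returned to the caller reflect a stale or unrelated errno rather than the actual gpg failure. The line should be dropped so the block starts directly with `log_error ("copying '%s' to '%s' failed: %s\n",`. Note also that `rename` published the file atomically, whereas gpg now writes straight to `fnewname`, so a concurrent reader may see a partial file and a failed run may leave one behind. Writing to a temporary name and renaming afterwards would keep the old guarantee. Whether `fname` is removed after a successful copy is not visible, since `check_and_publish` continues outside this hunk.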

-----------------------------------------------------------------------

Summary of changes:
 tools/gpg-wks-client.c |  5 +++-
 tools/gpg-wks-server.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 76 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



