[git] GnuPG - branch, dkg/T1967, created. gnupg-2.1.20-99-gd9fd52a

by Simon Arlott cvs at cvs.gnupg.org
Wed Apr 26 03:23:32 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, dkg/T1967 has been created
        at  d9fd52afacebf98b5571de7269c9a1b37100e1ec (commit)

- Log -----------------------------------------------------------------
commit d9fd52afacebf98b5571de7269c9a1b37100e1ec
Author: Simon Arlott <simon at arlott.org>
Date:   Sun Feb 5 16:31:35 2017 -0500

    g10: Skip signing keys where no secret key is available.
    
    * g10/getkey.c (finish_lookup): When requiring PUBKEY_USAGE_SIG, skip
    over keys where no signing key is available.
    
    --
    
    This should only be relevant when gpg is required to choose which key
    to sign with -- if verifying signatures, we already know which subkey
    to look at, and indeed gpg doesn't seem to have a problem with this.
    
    This patch comes from
    https://bugs.gnupg.org/gnupg/file793/sign-fix.patch
    
    I (dkg) have reviewed and tested it with missing local keys, and it
    makes sense to me as the default behavior.  If the user has the secret
    key for a signing-capable subkey available and the command is --sign,
    it should be used.
    
    If the user has explicitly specified a subkey that happens to be
    missing (e.g. with the trailing ! for --default-key 0x${FPR}!) then
    this does not override that behavior (the signature will still fail).
    
    GnuPG-bug-id: 1967
    Debian-bug-id: 834922
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

diff --git a/g10/getkey.c b/g10/getkey.c
index 75b8564..6ee9fe5 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3549,6 +3549,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
 	      continue;
 	    }
 
+	  if ((req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk))
+	    {
+	      if (DBG_LOOKUP)
+		log_debug ("\tno secret key for signing\n");
+	      continue;
+	    }
+
 	  if (DBG_LOOKUP)
 	    log_debug ("\tsubkey might be fine\n");
 	  /* In case a key has a timestamp of 0 set, we make sure
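
Review bot: the added condition `(req_usage & PUBKEY_USAGE_SIG) && agent_probe_secret_key (NULL, pk)` treats every non-zero return as "no secret key". If the probe can fail for any other reason (the agent not answering, for instance), each candidate subkey is skipped the same way and the only trace is the debug line "no secret key for signing". Consider keeping the return value in a local and including it in the log_debug output, so a lookup that ends with no usable signing key can be told apart from an agent failure. A short comment above the `if` would also help: the commit message explains that this is meant for the case where gpg has to choose which key to sign with, but the code itself does not say so, and the test runs for every lookup whose req_usage contains PUBKEY_USAGE_SIG.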

-----------------------------------------------------------------------


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



