[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-17-g04fb766

by Werner Koch cvs at cvs.gnupg.org
Tue Jul 3 12:33:30 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  04fb76684d8b2c9cda2e5c35bad6edec521cffa5 (commit)
       via  a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2 (commit)
       via  5c67ee160d4969b1ef94642ac602e1aed4d9a6d7 (commit)
      from  2809be1f97a447171a9e8b40079851740b15341a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 21 20:28:40 2018 +0200

    gpg: Print revocation reason for "rev" records.
    
    * g10/main.h: Add prototype.
    * g10/keylist.c (list_keyblock_print): Print revocation info.
    (list_keyblock_colon): Ditto.
    
    * g10/test-stubs.c (get_revocation_reason): New stub.
    * g10/gpgv.c (get_revocation_reason): New stub.
    --
    
    GnuPG-bug-id: 1173
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46)

diff --git a/g10/gpgv.c b/g10/gpgv.c
index c43067d..c142cef 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -772,3 +772,18 @@ tofu_notice_key_changed (ctrl_t ctrl, kbnode_t kb)
 
   return 0;
 }
+
+
+int
+get_revocation_reason (PKT_signature *sig, char **r_reason,
+                       char **r_comment, size_t *r_commentlen)
+{
+  (void)sig;
+  (void)r_commentlen;
+
+  if (r_reason)
+    *r_reason = NULL;
+  if (r_comment)
+    *r_comment = NULL;
+  return 0;
+}
diff --git a/g10/keylist.c b/g10/keylist.c
index 199cd13..c9121a1 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1070,6 +1070,9 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
 	  PKT_signature *sig = node->pkt->pkt.signature;
 	  int sigrc;
 	  char *sigstr;
+          char *reason_text = NULL;
+          char *reason_comment = NULL;
+          size_t reason_commentlen;
 
 	  if (listctx->check_sigs)
 	    {
@@ -1106,7 +1109,11 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
 
 	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
 	      || sig->sig_class == 0x30)
-	    sigstr = "rev";
+            {
+              sigstr = "rev";
+              get_revocation_reason (sig, &reason_text,
+                                     &reason_comment, &reason_commentlen);
+            }
 	  else if ((sig->sig_class & ~3) == 0x10)
 	    sigstr = "sig";
 	  else if (sig->sig_class == 0x18)
@@ -1168,6 +1175,40 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
 	      && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
 	    show_keyserver_url (sig, 3, 0);
 
+          if (reason_text)
+            {
+              es_fprintf (es_stdout, "      %s%s\n",
+                          _("reason for revocation: "), reason_text);
+              if (reason_comment)
+                {
+                  const byte *s, *s_lf;
+                  size_t n, n_lf;
+
+                  s = reason_comment;
+                  n = reason_commentlen;
+                  s_lf = NULL;
+                  do
+                    {
+                      /* We don't want any empty lines, so we skip them.  */
+                      for (;n && *s == '\n'; s++, n--)
+                        ;
+                      if (n)
+                        {
+                          s_lf = memchr (s, '\n', n);
+                          n_lf = s_lf? s_lf - s : n;
+                          es_fprintf (es_stdout, "         %s",
+                                      _("revocation comment: "));
+                          es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
+                          es_putc ('\n', es_stdout);
+                          s += n_lf; n -= n_lf;
+                        }
+                    } while (s_lf);
+                }
+            }
+
+          xfree (reason_text);
+          xfree (reason_comment);
+
 	  /* fixme: check or list other sigs here */
 	}
     }
@@ -1514,10 +1555,19 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
           char *siguid;
           size_t siguidlen;
           char *issuer_fpr = NULL;
+          char *reason_text = NULL;
+          char *reason_comment = NULL;
+          size_t reason_commentlen;
+          int reason_code;
 
 	  if (sig->sig_class == 0x20 || sig->sig_class == 0x28
 	      || sig->sig_class == 0x30)
-	    sigstr = "rev";
+            {
+              sigstr = "rev";
+              reason_code = get_revocation_reason (sig, &reason_text,
+                                                   &reason_comment,
+                                                   &reason_commentlen);
+            }
 	  else if ((sig->sig_class & ~3) == 0x10)
 	    sigstr = "sig";
 	  else if (sig->sig_class == 0x18)
@@ -1611,8 +1661,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
 	  else if (siguid)
             es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
 
-	  es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
+	  es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
                       sig->flags.exportable ? 'x' : 'l');
+          if (reason_text)
+            es_fprintf (es_stdout, ",%02x", reason_code);
+          es_fputs ("::", es_stdout);
 
 	  if (opt.no_sig_cache && opt.check_sigs && fprokay)
 	    {
@@ -1622,12 +1675,23 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
           else if ((issuer_fpr = issuer_fpr_string (sig)))
             es_fputs (issuer_fpr, es_stdout);
 
-	  es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
+	  es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
+
+          if (reason_comment)
+            {
+              es_fputs ("::::", es_stdout);
+              es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
+                                  ":", NULL);
+              es_putc (':', es_stdout);
+            }
+          es_putc ('\n', es_stdout);
 
 	  if (opt.show_subpackets)
 	    print_subpackets_colon (sig);
 
 	  /* fixme: check or list other sigs here */
+          xfree (reason_text);
+          xfree (reason_comment);
           xfree (siguid);
           xfree (issuer_fpr);
 	}
diff --git a/g10/main.h b/g10/main.h
index af25d55..389a557 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -378,6 +378,9 @@ gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
 
 int collapse_uids( KBNODE *keyblock );
 
+int get_revocation_reason (PKT_signature *sig, char **r_reason,
+                           char **r_comment, size_t *r_commentlen);
+
 
 /*-- export.c --*/
 struct export_stats_s;
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index e5fd3ae..1e13632 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -535,3 +535,17 @@ tofu_notice_key_changed (ctrl_t ctrl, kbnode_t kb)
 
   return 0;
 }
+
+int
+get_revocation_reason (PKT_signature *sig, char **r_reason,
+                       char **r_comment, size_t *r_commentlen)
+{
+  (void)sig;
+  (void)r_commentlen;
+
+  if (r_reason)
+    *r_reason = NULL;
+  if (r_comment)
+    *r_comment = NULL;
+  return 0;
+}

commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 21 18:32:13 2018 +0200

    gpg: Print revocation reason for "rvs" records.
    
    * g10/import.c (get_revocation_reason): New.
    (list_standalone_revocation): Extend function.
    --
    
    Note that this function extends the "rvs" field signature-class (field
    11) with the revocation reason.  GPGME does not yet parse this but it
    can be expected that the comma delimiter does not break other parsers.
    
    A new field is added to the "rvs" (and in future also the "rev")
    record to carry a record specific comment.  Hopefully all parsers
    meanwhile learned the lesson from other new fields and don't bail out
    on more fields than they know about.
    
    This is partial solution to
    GnuPG-bug-id: 1173
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)

diff --git a/doc/DETAILS b/doc/DETAILS
index ce666da..dea9d42 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -180,6 +180,9 @@ described here.
     revocation key is also given here, 'x' and 'l' is used the same
     way.  This field if not used for X.509.
 
+    "rev" and "rvs" may be followed by a comma and a 2 digit hexnumber
+    with the revocation reason.
+
 *** Field 12 - Key capabilities
 
     The defined capabilities are:
@@ -260,6 +263,12 @@ described here.
     optionally followed by a space and an URL.  This goes along with
     the previous field.  The URL is quoted in C style.
 
+*** Field 21 - Comment
+
+    This is currently only used in "rev" and "rvs" records to carry
+    the the comment field of the recocation reason.  The value is
+    quoted in C style.
+
 ** Special fields
 
 *** PKD - Public key data
diff --git a/g10/import.c b/g10/import.c
index 0f2ccfd..49381d4 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2614,6 +2614,69 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
 
 
 
+/* Return the recocation reason from signature SIG.  If no revocation
+ * reason is availabale 0 is returned, in other cases the reason
+ * (0..255).  If R_REASON is not NULL a malloced textual
+ * representation of the code is stored there.  If R_COMMENT is not
+ * NULL the comment from the reason is stored there and its length at
+ * R_COMMENTLEN.  Note that the value at R_COMMENT is not filtered but
+ * user supplied data in UTF8; thus it needs to be escaped for display
+ * purposes.  Both return values are either NULL or a malloced
+ * string/buffer.  */
+int
+get_revocation_reason (PKT_signature *sig, char **r_reason,
+                       char **r_comment, size_t *r_commentlen)
+{
+  int reason_seq = 0;
+  size_t reason_n;
+  const byte *reason_p;
+  char reason_code_buf[20];
+  const char *reason_text = NULL;
+  int reason_code = 0;
+
+  if (r_reason)
+    *r_reason = NULL;
+  if (r_comment)
+    *r_comment = NULL;
+
+  /* Skip over empty reason packets.  */
+  while ((reason_p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
+                                      &reason_n, &reason_seq, NULL))
+         && !reason_n)
+    ;
+  if (reason_p)
+    {
+      reason_code = *reason_p;
+      reason_n--; reason_p++;
+      switch (reason_code)
+        {
+        case 0x00: reason_text = _("No reason specified"); break;
+        case 0x01: reason_text = _("Key is superseded");   break;
+        case 0x02: reason_text = _("Key has been compromised"); break;
+        case 0x03: reason_text = _("Key is no longer used"); break;
+        case 0x20: reason_text = _("User ID is no longer valid"); break;
+        default:
+          snprintf (reason_code_buf, sizeof reason_code_buf,
+                    "code=%02x", reason_code);
+          reason_text = reason_code_buf;
+          break;
+        }
+
+      if (r_reason)
+        *r_reason = xstrdup (reason_text);
+
+      if (r_comment && reason_n)
+        {
+          *r_comment = xmalloc (reason_n);
+          memcpy (*r_comment, reason_p, reason_n);
+          *r_commentlen = reason_n;
+        }
+    }
+
+  return reason_code;
+}
+
+
 /* List the recocation signature as a "rvs" record.  SIGRC shows the
  * character from the signature verification or 0 if no public key was
  * found.  */
@@ -2623,6 +2686,10 @@ list_standalone_revocation (ctrl_t ctrl, PKT_signature *sig, int sigrc)
   char *siguid = NULL;
   size_t siguidlen = 0;
   char *issuer_fpr = NULL;
+  int reason_code = 0;
+  char *reason_text = NULL;
+  char *reason_comment = NULL;
+  size_t reason_commentlen;
 
   if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
     {
@@ -2632,6 +2699,9 @@ list_standalone_revocation (ctrl_t ctrl, PKT_signature *sig, int sigrc)
         sigrc = '?';
     }
 
+  reason_code = get_revocation_reason (sig, &reason_text,
+                                       &reason_comment, &reason_commentlen);
+
   if (opt.with_colons)
     {
       es_fputs ("rvs:", es_stdout);
@@ -2646,13 +2716,25 @@ list_standalone_revocation (ctrl_t ctrl, PKT_signature *sig, int sigrc)
       if (siguid)
         es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
 
-      es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
+      es_fprintf (es_stdout, ":%02x%c", sig->sig_class,
                   sig->flags.exportable ? 'x' : 'l');
+      if (reason_text)
+        es_fprintf (es_stdout, ",%02x", reason_code);
+      es_fputs ("::", es_stdout);
 
       if ((issuer_fpr = issuer_fpr_string (sig)))
         es_fputs (issuer_fpr, es_stdout);
 
-      es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
+      es_fprintf (es_stdout, ":::%d:", sig->digest_algo);
+
+      if (reason_comment)
+        {
+          es_fputs ("::::", es_stdout);
+          es_write_sanitized (es_stdout, reason_comment, reason_commentlen,
+                              ":", NULL);
+          es_putc (':', es_stdout);
+        }
+      es_putc ('\n', es_stdout);
 
       if (opt.show_subpackets)
         print_subpackets_colon (sig);
@@ -2693,10 +2775,43 @@ list_standalone_revocation (ctrl_t ctrl, PKT_signature *sig, int sigrc)
       if (sig->flags.pref_ks
           && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
         show_keyserver_url (sig, 3, 0);
+
+      if (reason_text)
+        {
+          es_fprintf (es_stdout, "      %s%s\n",
+                      _("reason for revocation: "), reason_text);
+          if (reason_comment)
+            {
+              const byte *s, *s_lf;
+              size_t n, n_lf;
+
+              s = reason_comment;
+              n = reason_commentlen;
+              s_lf = NULL;
+              do
+                {
+                  /* We don't want any empty lines, so we skip them.  */
+                  for (;n && *s == '\n'; s++, n--)
+                    ;
+                  if (n)
+                    {
+                      s_lf = memchr (s, '\n', n);
+                      n_lf = s_lf? s_lf - s : n;
+                      es_fprintf (es_stdout, "         %s",
+                                  _("revocation comment: "));
+                      es_write_sanitized (es_stdout, s, n_lf, NULL, NULL);
+                      es_putc ('\n', es_stdout);
+                      s += n_lf; n -= n_lf;
+                    }
+                } while (s_lf);
+            }
+        }
     }
 
   es_fflush (es_stdout);
 
+  xfree (reason_text);
+  xfree (reason_comment);
   xfree (siguid);
   xfree (issuer_fpr);
 }
diff --git a/g10/pkclist.c b/g10/pkclist.c
index dc19204..03ad4c8 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -113,7 +113,7 @@ void
 show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode)
 {
     /* Hmmm, this is not so easy because we have to duplicate the code
-     * used in the trustbd to calculate the keyflags.  We need to find
+     * used in the trustdb to calculate the keyflags.  We need to find
      * a clean way to check revocation certificates on keys and
      * signatures.  And there should be no duplicate code.  Because we
      * enter this function only when the trustdb told us that we have

commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jun 21 15:06:30 2018 +0200

    gpg: Let --show-keys print revocation certificates.
    
    * g10/import.c (list_standalone_revocation): New.
    (import_revoke_cert): Call new function.
    --
    
    GnuPG-bug-id: 4018
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)

diff --git a/doc/DETAILS b/doc/DETAILS
index 16e77c7..ce666da 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -59,6 +59,7 @@ described here.
     - uat :: User attribute (same as user id except for field 10).
     - sig :: Signature
     - rev :: Revocation signature
+    - rvs :: Recocation signature (standalone) [since 2.2.9]
     - fpr :: Fingerprint (fingerprint is in field 10)
     - pkd :: Public key data [*]
     - grp :: Keygrip
@@ -207,12 +208,13 @@ described here.
     For "uid" records this field lists the preferences in the same way
     gpg's --edit-key menu does.
 
-    For "sig" records, this is the fingerprint of the key that issued
-    the signature.  Note that this may only be filled if the signature
-    verified correctly.  Note also that for various technical reasons,
-    this fingerprint is only available if --no-sig-cache is used.
-    Since 2.2.7 this field will also be set if the key is missing but
-    the signature carries an issuer fingerprint as meta data.
+    For "sig", "rev" and "rvs" records, this is the fingerprint of the
+    key that issued the signature.  Note that this may only be filled
+    if the signature verified correctly.  Note also that for various
+    technical reasons, this fingerprint is only available if
+    --no-sig-cache is used.  Since 2.2.7 this field will also be set
+    if the key is missing but the signature carries an issuer
+    fingerprint as meta data.
 
 *** Field 14 - Flag field
 
diff --git a/g10/import.c b/g10/import.c
index ed3ada5..0f2ccfd 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2613,6 +2613,95 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
 }
 
 
+
+/* List the recocation signature as a "rvs" record.  SIGRC shows the
+ * character from the signature verification or 0 if no public key was
+ * found.  */
+static void
+list_standalone_revocation (ctrl_t ctrl, PKT_signature *sig, int sigrc)
+{
+  char *siguid = NULL;
+  size_t siguidlen = 0;
+  char *issuer_fpr = NULL;
+
+  if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
+    {
+      int nouid;
+      siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
+      if (nouid)
+        sigrc = '?';
+    }
+
+  if (opt.with_colons)
+    {
+      es_fputs ("rvs:", es_stdout);
+      if (sigrc)
+        es_putc (sigrc, es_stdout);
+      es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:::",
+                  sig->pubkey_algo,
+                  (ulong) sig->keyid[0], (ulong) sig->keyid[1],
+                  colon_datestr_from_sig (sig),
+                  colon_expirestr_from_sig (sig));
+
+      if (siguid)
+        es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
+
+      es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
+                  sig->flags.exportable ? 'x' : 'l');
+
+      if ((issuer_fpr = issuer_fpr_string (sig)))
+        es_fputs (issuer_fpr, es_stdout);
+
+      es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
+
+      if (opt.show_subpackets)
+        print_subpackets_colon (sig);
+    }
+  else /* Human readable. */
+    {
+      es_fputs ("rvs", es_stdout);
+      es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s",
+		  sigrc, (sig->sig_class - 0x10 > 0 &&
+			  sig->sig_class - 0x10 <
+			  4) ? '0' + sig->sig_class - 0x10 : ' ',
+		  sig->flags.exportable ? ' ' : 'L',
+		  sig->flags.revocable ? ' ' : 'R',
+		  sig->flags.policy_url ? 'P' : ' ',
+		  sig->flags.notation ? 'N' : ' ',
+		  sig->flags.expired ? 'X' : ' ',
+		  (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
+						  0) ? '0' +
+		  sig->trust_depth : ' ', keystr (sig->keyid),
+		  datestr_from_sig (sig));
+      if (siguid)
+        {
+          es_fprintf (es_stdout, "  ");
+          print_utf8_buffer (es_stdout, siguid, siguidlen);
+        }
+      es_putc ('\n', es_stdout);
+
+      if (sig->flags.policy_url
+          && (opt.list_options & LIST_SHOW_POLICY_URLS))
+        show_policy_url (sig, 3, 0);
+
+      if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
+        show_notation (sig, 3, 0,
+                       ((opt.list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
+                       +
+                       ((opt.list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : 0));
+
+      if (sig->flags.pref_ks
+          && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
+        show_keyserver_url (sig, 3, 0);
+    }
+
+  es_fflush (es_stdout);
+
+  xfree (siguid);
+  xfree (issuer_fpr);
+}
+
+
 /****************
  * Import a revocation certificate; this is a single signature packet.
  */
@@ -2626,6 +2715,11 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
   KEYDB_HANDLE hd = NULL;
   u32 keyid[2];
   int rc = 0;
+  int sigrc = 0;
+  int silent;
+
+  /* No error output for --show-keys.  */
+  silent = (options & (IMPORT_SHOW | IMPORT_DRY_RUN));
 
   log_assert (!node->next );
   log_assert (node->pkt->pkttype == PKT_SIGNATURE );
@@ -2638,15 +2732,16 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
   rc = get_pubkey (ctrl, pk, keyid );
   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY )
     {
-      log_error(_("key %s: no public key -"
-                  " can't apply revocation certificate\n"), keystr(keyid));
+      if (!silent)
+        log_error (_("key %s: no public key -"
+                     " can't apply revocation certificate\n"), keystr(keyid));
       rc = 0;
       goto leave;
     }
   else if (rc )
     {
-      log_error(_("key %s: public key not found: %s\n"),
-                keystr(keyid), gpg_strerror (rc));
+      log_error (_("key %s: public key not found: %s\n"),
+                 keystr(keyid), gpg_strerror (rc));
       goto leave;
     }
 
@@ -2683,12 +2778,21 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
 
   /* it is okay, that node is not in keyblock because
    * check_key_signature works fine for sig_class 0x20 (KEY_REV) in
-   * this special case. */
+   * this special case.  SIGRC is only used for IMPORT_SHOW.  */
   rc = check_key_signature (ctrl, keyblock, node, NULL);
+  switch (gpg_err_code (rc))
+    {
+    case 0:                       sigrc = '!'; break;
+    case GPG_ERR_BAD_SIGNATURE:   sigrc = '-'; break;
+    case GPG_ERR_NO_PUBKEY:       sigrc = '?'; break;
+    case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+    default:                      sigrc = '%'; break;
+    }
   if (rc )
     {
-      log_error( _("key %s: invalid revocation certificate"
-                   ": %s - rejected\n"), keystr(keyid), gpg_strerror (rc));
+      if (!silent)
+        log_error (_("key %s: invalid revocation certificate"
+                     ": %s - rejected\n"), keystr(keyid), gpg_strerror (rc));
       goto leave;
     }
 
@@ -2738,6 +2842,9 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
   stats->n_revoc++;
 
  leave:
+  if ((options & IMPORT_SHOW))
+    list_standalone_revocation (ctrl, node->pkt->pkt.signature, sigrc);
+
   keydb_release (hd);
   release_kbnode( keyblock );
   free_public_key( pk );

-----------------------------------------------------------------------

Summary of changes:
 doc/DETAILS      |  23 ++++--
 g10/gpgv.c       |  15 ++++
 g10/import.c     | 236 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 g10/keylist.c    |  72 ++++++++++++++++-
 g10/main.h       |   3 +
 g10/pkclist.c    |   2 +-
 g10/test-stubs.c |  14 ++++
 7 files changed, 347 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org




More information about the Gnupg-commits mailing list