[Pgp-tools-commit] r741 - in trunk: caff debian
Guilhem Moulin
guilhem-guest at moszumanska.debian.org
Wed Dec 3 00:25:26 UTC 2014
Author: guilhem-guest
Date: 2014-12-03 00:25:26 +0000 (Wed, 03 Dec 2014)
New Revision: 741
Modified:
trunk/caff/caff
trunk/debian/changelog
Log:
caff: Import the public part of *all* keys found in the secret keyring.
(Not only those in @{$CONFIG{keyid}}.) Otherwise gpg(1) croaks with
exit status 2 when there are secret keys without public part.
Closes #771857
Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff 2014-12-03 00:25:19 UTC (rev 740)
+++ trunk/caff/caff 2014-12-03 00:25:26 UTC (rev 741)
@@ -1119,7 +1119,43 @@
# void context
}
+
##
+# Import (the public part part of) each key listed in the private
+# keyring, and ensure that this includes all of the @{$CONFIG{keyid}}.
+# We don't import only the @{$CONFIG{keyid}} because gpg exits the edit
+# prompt with return value 2 whenever a key in the secret keyring
+# doesn't have a public counterpart.
+#
+sub import_mykeys () {
+ my @fprs;
+ my $gpg = GnuPG::Interface->new();
+ $gpg->call( $CONFIG{'gpg'} );
+ $gpg->options->hash_init(
+ 'meta_interactive' => 0,
+ 'always_trust' => 1,
+ 'extra_args' => [ '--secret-keyring', $CONFIG{'secret-keyring'}
+ , qw{ --no-auto-check-trustdb --fingerprint --with-colons --fixed-list-mode } ] );
+
+ my $handles = make_gpg_fds( stdin => $NULL, stdout => undef, stderr => $NULL );
+ my $pid = $gpg->list_secret_keys( handles => $handles );
+
+ my $stdout = $handles->{stdout};
+ while (<$stdout>) {
+ push @fprs, $1 if /^fpr:(?:[^:]*:){8}([0-9A-F]{40})(?::.*)?$/;
+ }
+ waitpid $pid, 0;
+ close $stdout;
+
+ my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
+ foreach my $keyid (@{$CONFIG{'keyid'}}) {
+ die "Your key $keyid could not be imported from your normal GnuPGHOME.\n"
+ unless grep /\Q$keyid\E$/, @fprs; # not in the private keyring
+ }
+ die "Not all keys could be imported from your normal GnuPGHOME.\n" if @failed;
+}
+
+##
# Import a key file into a specified gnupghome.
#
# @param keyfile file containing the keys to import
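Review bot: The exit status of the `list_secret_keys` child is discarded after `waitpid $pid, 0;` in import_mykeys, so a failed or truncated listing only leaves @fprs short. The failure then surfaces as the misleading "Your key ... could not be imported" message, or not at all when no configured keyid is affected. I would check it right after the wait, e.g. `die "Could not list the secret keyring (gpg status $?).\n" if $?;`, or downgrade that to a `warn` if gpg is known to exit non-zero here in benign cases. Separately, `grep /\Q$keyid\E$/, @fprs` is a case-sensitive suffix match against fingerprints that the regex restricts to uppercase hex, so it depends on $CONFIG{keyid} being normalised to uppercase and long enough to be unambiguous, which this hunk does not show. A comment such as `# keyids are validated as uppercase long key IDs when the config is loaded` would make that assumption explicit, if it holds. Depending on the gpg version, `fpr` records may also be printed for subkeys, in which case the suffix match could be satisfied by a subkey fingerprint rather than a primary key.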
@@ -1328,9 +1364,7 @@
#################
# import own keys
#################
-import_keys_from_gnupghome(\@{$CONFIG{'keyid'}}, undef, $GNUPGHOME) and
- die "Not all keys in '\$CONFIG{'keyid'}' could be imported from your normal GnuPGHOME.\n";
-
+import_mykeys();
import_keys_to_sign();
#############################
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2014-12-03 00:25:19 UTC (rev 740)
+++ trunk/debian/changelog 2014-12-03 00:25:26 UTC (rev 741)
@@ -8,6 +8,10 @@
+ Don't consider KEYEXPIRED and SIGEXPIRED as unknown reply from gpg when
downloading a key containing a revoked subkey or UID from a keyserver.
(Closes: #769892)
+ + Import the public part of *all* keys found in the secret keyring, not
+ only those in @{$CONFIG{keyid}}. Otherwise gpg(1) croaks with exit
+ status 2 when there are secret keys without public part.
+ (Closes: #771857)
+ Add a configuration option 'mail-subject' to set the "Subject:" header
field. (Closes: #771436)