[Pgp-tools-commit] r762 - in trunk: caff debian

Guilhem Moulin guilhem-guest at moszumanska.debian.org
Wed Jan 21 00:16:03 UTC 2015


Author: guilhem-guest
Date: 2015-01-21 00:16:03 +0000 (Wed, 21 Jan 2015)
New Revision: 762

Modified:
   trunk/caff/caff
   trunk/debian/changelog
Log:
caff: use --local-user instead of unnecessarily importing all keys.

(That is, the public part of *all* keys found in the secret keyring.)  Defaulting
$CONFIG{'local-user'} to $CONFIG{'keyid'} is a much better fix for the
behavior reported in #771857 than what was pushed in r741.

Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff	2015-01-21 00:15:54 UTC (rev 761)
+++ trunk/caff/caff	2015-01-21 00:16:03 UTC (rev 762)
@@ -1038,18 +1038,16 @@
 #         (undef) if no valid key has been found
 #
 sub get_local_user_keys() {
-	my @local_user;
-	
 	# No user-defined key id has been specified by the user, no need for
 	# further checks
-	return undef unless $CONFIG{'local-user'};
-	
+	return @{$CONFIG{'keyid'}} unless $CONFIG{'local-user'};
+
 	# Parse the list of keys
 	my @key_list = ref $CONFIG{'local-user'} ?  @{$CONFIG{'local-user'}} : split /\s*,\s*/, $CONFIG{'local-user'};
+	my @local_user;
 
 	# Check every key defined by the user...
 	for my $user_key (@key_list) {
-		
 		unless ($user_key =~ m/^((?:0x)?\p{AHex}{8}|(?:0x)?\p{AHex}{16}|\p{AHex}{40}|(?:\p{AHex}{4} ){5}(?: \p{AHex}{4}){5})$/) {
 			mywarn "Local-user $user_key is not a valid keyid.";
 			next;
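Review bot: The header comment just above the hunk still documents the old contract ("(undef) if no valid key has been found"), but the new early return on the `return @{$CONFIG{'keyid'}} unless $CONFIG{'local-user'};` line yields the configured keyid list instead of undef, and the no-valid-key path ends in myerror rather than a return. The comment block should be updated to something like `# @return the keyids listed in $CONFIG{'local-user'} that are known, or @{$CONFIG{'keyid'}} when no local-user was configured; aborts via myerror when none is valid`. The new return also presumes `$CONFIG{'keyid'}` is always an array reference at this point; that appears consistent with the other `@{$CONFIG{'keyid'}}` uses in the file but is not established in this hunk. get_local_user_keys's body continues past the end of the hunk.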
@@ -1068,7 +1066,7 @@
 	}
 
 	# If no local-user key are valid, there is no need to go further
-	myerror	(1, "None of the local-user keys seem to be known as a keyid listed in ~/.caffrc.") unless defined $local_user[0];
+	myerror	(1, "None of the local-user keys seem to be known as a keyid listed in ~/.caffrc.") unless @local_user;
 	return @local_user;
 }
 
@@ -1132,48 +1130,7 @@
 	# void context
 }
 
-
 ##
-# Import (the public part part of) each key listed in the private
-# keyring, and ensure that this includes all of the @{$CONFIG{keyid}}.
-# We don't import only the @{$CONFIG{keyid}} because gpg exits the edit
-# prompt with return value 2 whenever a key in the secret keyring
-# doesn't have a public counterpart.
-#
-sub import_mykeys () {
-	my @fprs;
-	my $gpg = GnuPG::Interface->new();
-	$gpg->call( $CONFIG{'gpg'} );
-	$gpg->options->hash_init(
-		'meta_interactive' => 0,
-		'always_trust' => 1,
-		'homedir' => $GNUPGHOME,
-		'extra_args' => [ qw{ --no-auto-check-trustdb --fingerprint --with-colons } ] );
-
-	my $handles = make_gpg_fds( stdin => $NULL, stdout => undef, stderr => \*STDERR );
-	my $pid = $gpg->list_secret_keys( handles => $handles );
-
-	my $stdout = $handles->{stdout};
-	while (<$stdout>) {
-		push @fprs, $1 if /^fpr:(?:[^:]*:){8}([0-9A-F]{40})(?::.*)?$/;
-	}
-	waitpid $pid, 0;
-	close $stdout;
-
-	die "Error: No secret key.\nIf an empty secret keyring 'secring.gpg' ('private-keys-v1.d' for GnuPG 2.1 and latter) ".
-		"was automatically created by gpg(1) in $CONFIG{'caffhome'}/gnupghome, you may want to remove it and restart caff to ".
-		"use the secret keyring from your default GnuPGHOME instead.\n" unless @fprs;
-
-	foreach my $keyid (@{$CONFIG{'keyid'}}) {
-		die "Your key $keyid could not be imported from your normal GnuPGHOME.\n"
-			unless grep /\Q$keyid\E$/, @fprs; # not in the private keyring
-	}
-
-	my @failed = import_keys_from_gnupghome(\@fprs, undef, $GNUPGHOME, 'export-minimal');
-	die "Not all keys could be imported from your normal GnuPGHOME.\n" if @failed;
-}
-
-##
 # Import a key file into a specified gnupghome.
 #
 # @param keyfile       file containing the keys to import
@@ -1382,7 +1339,9 @@
 #################
 # import own keys
 #################
-import_mykeys();
+import_keys_from_gnupghome(\@{$CONFIG{'keyid'}}, undef, $GNUPGHOME) and
+	die "Not all keys in '\$CONFIG{'keyid'}' could be imported from your normal GnuPGHOME.\n";
+
 import_keys_to_sign();
 
 #############################
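Review bot: The replacement `import_keys_from_gnupghome(...) and die ...` only detects a failed public-key import; the removed import_mykeys additionally died when the secret keyring was empty and when a configured keyid had no secret counterpart ("Your key $keyid could not be imported ..."), so a missing secret key is now reported only later, when the first `--edit-key` invocation fails. The removed call also passed `'export-minimal'` as the fourth argument, which the new call drops; if that parameter still selects gpg's export option, the own keys are now imported with all third-party signatures rather than minimally, which is worth confirming as intended. Finally, `\@{$CONFIG{'keyid'}}` is just a roundabout spelling of `$CONFIG{'keyid'}`, and the message names the config variable rather than the keys themselves; consider `import_keys_from_gnupghome($CONFIG{'keyid'}, undef, $GNUPGHOME, 'export-minimal') and die "Not all of your keys (@{$CONFIG{'keyid'}}) could be imported from your normal GnuPGHOME.\n";`.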
@@ -1552,7 +1511,7 @@
 		foreach my $local_user (@LOCAL_USER) {
 			my @command;
 			push @command, $CONFIG{'gpg-sign'};
-			push @command, '--local-user', $local_user if defined $local_user;
+			push @command, '--local-user', $local_user;
 			push @command, "--homedir=$GNUPGHOME";
 			push @command, qw/--no-auto-check-trustdb --trust-model=always/;
 			push @command, '--edit-key', $keyid;
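Review bot: Removing the `if defined $local_user` guard on the `push @command, '--local-user', $local_user;` line makes the signing loop assume every element of @LOCAL_USER is a keyid; with get_local_user_keys now defaulting to `@{$CONFIG{'keyid'}}` that holds, but if that list is ever empty the foreach body is never entered and the key is silently left unsigned, whereas the old code would still have run gpg once without `--local-user`. Unless `$CONFIG{'keyid'}` is already validated as non-empty when the configuration is read, a guard where @LOCAL_USER is populated (outside this hunk), `die "No local-user key available for signing.\n" unless @LOCAL_USER;`, would make the failure explicit. The same observation applies to the identical change in the hunk at @@ -1695,7 +1654,7 @@. The enclosing foreach starts before this hunk and its body continues after it.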
@@ -1695,7 +1654,7 @@
 			foreach my $local_user (@LOCAL_USER) {
 				my @command;
 				push @command, $CONFIG{'gpg-sign'};
-				push @command, '--local-user', $local_user if defined $local_user;
+				push @command, '--local-user', $local_user;
 				push @command, qw/--no-auto-check-trustdb --trust-model=always/;
 				push @command, '--edit-key', $keyid;
 				push @command, 'showphoto' if $CONFIG{'show-photos'};

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2015-01-21 00:15:54 UTC (rev 761)
+++ trunk/debian/changelog	2015-01-21 00:16:03 UTC (rev 762)
@@ -9,6 +9,10 @@
     + Don't redirect gpg's STDERR when listing the keys, as it makes gpg
       croak on OSX when GPG_TTY is not set.  Patch from Ewen McNeill.
       (Closes: #775702)
+    + Default $CONFIG{'local-user'} to $CONFIG{'keyid'} rather than importing
+      the public part of *all* keys found in the secret keyring.  (When not
+      pruning the good keys with -u, gpg(1) croaks with exit status 2 when
+      there are secret keys without public part.)
 
  -- Guilhem Moulin <guilhem at guilhem.org>  Sat, 03 Jan 2015 11:36:26 +0100
 




More information about the Pgp-tools-commit mailing list