[Pgp-tools-commit] r863 - in trunk: caff debian
Guilhem Moulin
guilhem-guest at moszumanska.debian.org
Mon Jul 11 22:36:18 UTC 2016
Author: guilhem-guest
Date: 2016-07-11 22:36:18 +0000 (Mon, 11 Jul 2016)
New Revision: 863
Modified:
trunk/caff/caff
trunk/debian/changelog
Log:
Use full fingerprints internally to avoid collisions.
Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff 2016-07-11 22:36:10 UTC (rev 862)
+++ trunk/caff/caff 2016-07-11 22:36:18 UTC (rev 863)
@@ -1627,7 +1627,8 @@
while (readline $handles->{stdout}) {
if (/^pub:([^:]+):(?:[^:]*:){2}([0-9A-F]{16}):(?:[^:]*:){6}([^:]+)/) {
if (exists $KEYS{$keyid}) {
- mywarn("More than one key matched $keyid; try to specify the long keyid or fingerprint");
+ mywarn( "More than one key matched $keyid (assuming $KEYS{$keyid}->{fpr}). "
+ . "Try to specify the long keyid or full fingerprint to avoid collisions.");
last;
} elsif ($1 =~ /[eir]/ or $3 =~ /D/ ) {
mywarn("Ignoring unusable key $keyid");
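Review bot: On a keyid collision the loop still exits with `last` and keeps the first match, so the new "assuming …" text only reports the choice rather than leaving it to the user. Short key IDs can be collided on purpose, so it would be safer to skip the ambiguous entry, for example `delete $KEYS{$keyid};` before `last` (the later `next unless exists $KEYS{$keyid}` would then skip it), or to ask for confirmation. The message also interpolates `$KEYS{$keyid}->{fpr}`, which is presumably filled from a separate `fpr:` record. If that record can be absent, the warning prints an undefined value. The loop body starts and continues outside this hunk.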
@@ -1679,7 +1680,7 @@
for my $keyid (@KEYIDS) {
next unless exists $KEYS{$keyid};
- my $longkeyid = $KEYS{$keyid}->{longkeyid};
+ my ($longkeyid, $fpr) = @{$KEYS{$keyid}}{qw/longkeyid fpr/};
###########
# sign keys
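Review bot: `$fpr` is taken from the hash slice without a defined check, yet every later gpg call in this loop (`--edit-key`, `import_keys_from_gnupghome`, `export_keys`) now depends on it. The code that populates `%KEYS` is outside the hunk, so if an entry can exist without `fpr`, gpg would be handed an undefined argument where the key selector belongs. A guard right after the assignment makes the failure explicit: `unless (defined $fpr and $fpr =~ /\A[0-9A-F]{40}\z/) { mywarn("No usable fingerprint for $keyid; skipping"); next; }`. The 40-hex pattern is an assumption about the key format and should be adjusted if other fingerprint lengths are expected. The `for` loop begins in this hunk and ends outside it.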
@@ -1693,7 +1694,7 @@
push @command, '--secret-keyring', $CONFIG{'secret-keyring'} if GnuPG_version('2.1.0') < 0;
push @command, qw/--no-auto-check-trustdb --trust-model=always/;
push @command, '--local-user', $local_user;
- push @command, '--edit-key', $keyid;
+ push @command, '--edit-key', $fpr;
push @command, 'showphoto' if $CONFIG{'show-photos'};
push @command, $CONFIG{'gpg-sign-type'}.'sign';
push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
@@ -1713,7 +1714,7 @@
# we can't use only one import here because the cleaning is done as the
# keys come and our keys might not be imported yet
import_keys_from_gnupghome($CONFIG{'keyid'}, $GNUPGHOME, $keydir, 'import-minimal', 'import-local-sigs');
- import_keys_from_gnupghome([$keyid], $GNUPGHOME, $keydir, 'import-clean', 'import-local-sigs');
+ import_keys_from_gnupghome([$fpr], $GNUPGHOME, $keydir, 'import-clean', 'import-local-sigs');
# the first UID. we won't delete that one when pruning for UATs because a key has to have at least one UID
my @uids = @{$KEYS{$keyid}->{uids}};
@@ -1742,7 +1743,7 @@
my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
my $pid = $gpg->wrap_call(
commands => [ '--edit-key' ],
- command_args => [ $keyid ],
+ command_args => [ $fpr ],
handles => $handles );
debug("Starting edit session");
@@ -1791,11 +1792,11 @@
done_gpg($pid, $handles);
debug("Done editing");
- my $asciikey = export_keys($uiddir, [$keyid], 'export-local-sigs');
+ my $asciikey = export_keys($uiddir, [$fpr], 'export-local-sigs');
undef $uiddir; # delete dir
unless ($asciikey) {
- mywarn "No data from gpg for export $keyid";
+ mywarn "No data from gpg for export $fpr";
next;
};
@@ -1816,7 +1817,7 @@
my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
my $pid = $gpg->wrap_call(
commands => [ '--edit-key' ],
- command_args => [ $keyid ],
+ command_args => [ $fpr ],
handles => $handles );
debug("Starting edit session on $keyid");
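Review bot: The debug line still names `$keyid` while the edit session is opened on `$fpr`, so after a collision warning the log does not show which key was actually edited. Consider `debug("Starting edit session on $fpr (requested as $keyid)");` here, and likewise for the `signer $u` debug line in the hunk at -1873. The export warning in the previous hunk has the opposite gap: it now prints only `$fpr`, which the user never typed, so naming both values there would keep the messages consistent.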
@@ -1830,7 +1831,7 @@
# import the pruned keys with our own local sigs only; this is
# required even if there are no lsigs, to ensure we've got all
# UIDs in our own GnuPGHOME
- import_keys_from_gnupghome( [$keyid], $keydir, undef, 'import-local-sigs' );
+ import_keys_from_gnupghome( [$fpr], $keydir, undef, 'import-local-sigs' );
}
undef $keydir; # delete dir
@@ -1842,7 +1843,7 @@
push @command, '--secret-keyring', $CONFIG{'secret-keyring'} if GnuPG_version('2.1.0') < 0;
push @command, qw/--no-auto-check-trustdb --trust-model=always/;
push @command, '--local-user', $local_user;
- push @command, '--edit-key', $keyid;
+ push @command, '--edit-key', $fpr;
push @command, 'showphoto' if $CONFIG{'show-photos'};
push @command, 'lsign';
push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
@@ -1873,7 +1874,7 @@
my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
my $pid = $gpg->wrap_call(
commands => [ '--edit-key' ],
- command_args => [ $keyid ],
+ command_args => [ $fpr ],
handles => $handles );
debug("Starting edit session on $keyid, signer $u");
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2016-07-11 22:36:10 UTC (rev 862)
+++ trunk/debian/changelog 2016-07-11 22:36:18 UTC (rev 863)
@@ -15,6 +15,7 @@
~/.gnup/gpg.conf and pass the GnuPG options that are known to be safe
(and useful) for caff to gpg(1) using command line options. This soves
the problem of lingering configuration files in case caff is killed.
+ + Use full fingerprints internally to avoid collisions.
* d/source.lintian-overrides: Add 'debian-watch-file-is-missing' as we're
upstream.