[Pgp-tools-commit] r863 - in trunk: caff debian

Guilhem Moulin guilhem-guest at moszumanska.debian.org
Mon Jul 11 22:36:18 UTC 2016


Author: guilhem-guest
Date: 2016-07-11 22:36:18 +0000 (Mon, 11 Jul 2016)
New Revision: 863

Modified:
   trunk/caff/caff
   trunk/debian/changelog
Log:
Use full fingerprints internally to avoid collisions.

Modified: trunk/caff/caff
===================================================================
--- trunk/caff/caff	2016-07-11 22:36:10 UTC (rev 862)
+++ trunk/caff/caff	2016-07-11 22:36:18 UTC (rev 863)
@@ -1627,7 +1627,8 @@
     while (readline $handles->{stdout}) {
         if (/^pub:([^:]+):(?:[^:]*:){2}([0-9A-F]{16}):(?:[^:]*:){6}([^:]+)/) {
             if (exists $KEYS{$keyid}) {
-                mywarn("More than one key matched $keyid; try to specify the long keyid or fingerprint");
+                mywarn( "More than one key matched $keyid (assuming $KEYS{$keyid}->{fpr}).  "
+                      . "Try to specify the long keyid or full fingerprint to avoid collisions.");
                 last;
             } elsif ($1 =~ /[eir]/ or $3 =~ /D/ ) {
                 mywarn("Ignoring unusable key $keyid");
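Review bot: On an ambiguous `$keyid` the new branch still keeps the first key gpg listed and only reports which one was assumed before `last`, so the run goes on to process a key chosen by listing order. For a signing tool, a keyid collision is the case where failing closed is safer: drop the entry, e.g. `delete $KEYS{$keyid};` before `last;`, and have the message say the key is skipped until a full fingerprint is given. The warning also assumes `$KEYS{$keyid}->{fpr}` is already populated when the second `pub:` record arrives; that assignment is outside the hunk and worth confirming, otherwise the message interpolates undef. The loop body continues outside the hunk.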
@@ -1679,7 +1680,7 @@
 
 for my $keyid (@KEYIDS) {
     next unless exists $KEYS{$keyid};
-    my $longkeyid = $KEYS{$keyid}->{longkeyid};
+    my ($longkeyid, $fpr) = @{$KEYS{$keyid}}{qw/longkeyid fpr/};
 
     ###########
     # sign keys
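Review bot: `$fpr` is read from `%KEYS` with a hash slice and then passed to `--edit-key`, `export_keys` and `import_keys_from_gnupghome` in the later hunks without a check that it is defined. If an entry ever lacks `fpr` (the code that fills it is not visible here), gpg would be invoked with an empty key specification, and what that selects depends on the command. A guard directly after the slice makes the failure explicit: `unless (defined $fpr) { mywarn("No fingerprint recorded for $keyid, skipping"); next; }`. The `for` body continues past the end of the hunk.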
@@ -1693,7 +1694,7 @@
             push @command, '--secret-keyring', $CONFIG{'secret-keyring'} if GnuPG_version('2.1.0') < 0;
             push @command, qw/--no-auto-check-trustdb --trust-model=always/;
             push @command, '--local-user', $local_user;
-            push @command, '--edit-key', $keyid;
+            push @command, '--edit-key', $fpr;
             push @command, 'showphoto' if $CONFIG{'show-photos'};
             push @command, $CONFIG{'gpg-sign-type'}.'sign';
             push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
@@ -1713,7 +1714,7 @@
     # we can't use only one import here because the cleaning is done as the
     # keys come and our keys might not be imported yet
     import_keys_from_gnupghome($CONFIG{'keyid'}, $GNUPGHOME, $keydir, 'import-minimal', 'import-local-sigs');
-    import_keys_from_gnupghome([$keyid],         $GNUPGHOME, $keydir, 'import-clean',   'import-local-sigs');
+    import_keys_from_gnupghome([$fpr],           $GNUPGHOME, $keydir, 'import-clean',   'import-local-sigs');
 
     # the first UID. we won't delete that one when pruning for UATs because a key has to have at least one UID
     my @uids = @{$KEYS{$keyid}->{uids}};
@@ -1742,7 +1743,7 @@
         my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
         my $pid = $gpg->wrap_call(
             commands     => [ '--edit-key' ],
-            command_args => [ $keyid ],
+            command_args => [ $fpr ],
             handles      => $handles );
 
         debug("Starting edit session");
@@ -1791,11 +1792,11 @@
         done_gpg($pid, $handles);
         debug("Done editing");
 
-        my $asciikey = export_keys($uiddir, [$keyid], 'export-local-sigs');
+        my $asciikey = export_keys($uiddir, [$fpr], 'export-local-sigs');
         undef $uiddir; # delete dir
 
         unless ($asciikey) {
-            mywarn "No data from gpg for export $keyid";
+            mywarn "No data from gpg for export $fpr";
             next;
         };
 
@@ -1816,7 +1817,7 @@
         my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
         my $pid = $gpg->wrap_call(
             commands     => [ '--edit-key' ],
-            command_args => [ $keyid ],
+            command_args => [ $fpr ],
             handles      => $handles );
 
         debug("Starting edit session on $keyid");
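Review bot: The debug line `debug("Starting edit session on $keyid");` still names the user-supplied `$keyid` although the edit session is now opened on `$fpr`. The same holds for `debug("Starting edit session on $keyid, signer $u");` in the last caff hunk, whereas the export warning was switched to `$fpr`. Logging the identifier actually handed to gpg keeps the trace unambiguous when two keys share a keyid, e.g. `debug("Starting edit session on $fpr (requested as $keyid)");`. The enclosing block starts and ends outside the hunk.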
@@ -1830,7 +1831,7 @@
         # import the pruned keys with our own local sigs only; this is
         # required even if there are no lsigs, to ensure we've got all
         # UIDs in our own GnuPGHOME
-        import_keys_from_gnupghome( [$keyid], $keydir, undef, 'import-local-sigs' );
+        import_keys_from_gnupghome( [$fpr], $keydir, undef, 'import-local-sigs' );
     }
     undef $keydir; # delete dir
 
@@ -1842,7 +1843,7 @@
             push @command, '--secret-keyring', $CONFIG{'secret-keyring'} if GnuPG_version('2.1.0') < 0;
             push @command, qw/--no-auto-check-trustdb --trust-model=always/;
             push @command, '--local-user', $local_user;
-            push @command, '--edit-key', $keyid;
+            push @command, '--edit-key', $fpr;
             push @command, 'showphoto' if $CONFIG{'show-photos'};
             push @command, 'lsign';
             push @command, split ' ', $CONFIG{'gpg-sign-args'} || "";
@@ -1873,7 +1874,7 @@
             my $handles = mkGnuPG_fds( command => undef, stdout => undef, status => undef );
             my $pid = $gpg->wrap_call(
                 commands     => [ '--edit-key' ],
-                command_args => [ $keyid ],
+                command_args => [ $fpr ],
                 handles      => $handles );
 
             debug("Starting edit session on $keyid, signer $u");

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2016-07-11 22:36:10 UTC (rev 862)
+++ trunk/debian/changelog	2016-07-11 22:36:18 UTC (rev 863)
@@ -15,6 +15,7 @@
       ~/.gnup/gpg.conf and pass the GnuPG options that are known to be safe
       (and useful) for caff to gpg(1) using command line options.  This soves
       the problem of lingering configuration files in case caff is killed.
+    + Use full fingerprints internally to avoid collisions.
   * d/source.lintian-overrides: Add 'debian-watch-file-is-missing' as we're
     upstream.
 



