[Pkg-gnupg-commit] [gnupg2] 93/241: g10: notify a user when importing stub is skipped.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Dec 9 20:32:00 UTC 2015
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Mon Nov 2 14:33:38 2015 +0900
g10: notify a user when importing stub is skipped.
* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.
--
Migration to 2.1 might be confusing with smartcard. With this patch,
a user can learn to run gpg ---card-status.
Thanks to intrigeri for the report.
Debian-bug-id: 795881
---
g10/import.c | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 048b136..82ccfa7 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1331,6 +1331,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
unsigned char *wrappedkey = NULL;
size_t wrappedkeylen;
char *cache_nonce = NULL;
+ int stub_key_skipped = 0;
/* Get the current KEK. */
err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
@@ -1391,7 +1392,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
has been inserted and a stub key is in turn generated by the
agent. */
if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
- continue;
+ {
+ stub_key_skipped = 1;
+ continue;
+ }
/* Convert our internal secret key object into an S-expression. */
nskey = pubkey_get_nskey (pk->pubkey_algo);
@@ -1568,6 +1572,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
}
}
+ if (!err && stub_key_skipped)
+ /* We need to notify user how to migrate stub keys. */
+ err = gpg_error (GPG_ERR_NOT_PROCESSED);
+
leave:
gcry_sexp_release (curve);
xfree (cache_nonce);
@@ -1757,8 +1765,27 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
keystr_from_pk (pk));
else
{
+ gpg_error_t err;
+
nr_prev = stats->secret_imported;
- if (!transfer_secret_keys (ctrl, stats, keyblock, batch))
+ err = transfer_secret_keys (ctrl, stats, keyblock, batch);
+ if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
+ {
+ /* TRANSLATORS: For smarcard, each private key on
+ host has a reference (stub) to a smartcard and
+ actual private key data is stored on the card. A
+ single smartcard can have up to three private key
+ data. Importing private key stub is always
+ skipped in 2.1, and it returns
+ GPG_ERR_NOT_PROCESSED. Instead, user should be
+ suggested to run 'gpg --card-status', then,
+ references to a card will be automatically
+ created again. */
+ log_info (_("To migrate secring.gpg, with each smartcard, run:"
+ "gpg --card-status"));
+ err = 0;
+ }
+ if (!err)
{
int status = 16;
if (!opt.quiet)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list