[Pkg-gnupg-commit] [gnupg2] 06/112: wks: Publish as binary file.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 30 17:48:13 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 15 17:20:43 2016 +0200

    wks: Publish as binary file.
    
    * tools/gpg-wks-server.c (copy_key_as_binary): New.
    (check_and_publish): Use new function instead of rename.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 tools/gpg-wks-client.c |  5 +++-
 tools/gpg-wks-server.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 76 insertions(+), 3 deletions(-)

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 2ee23d7..2c9cc4f 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -698,7 +698,10 @@ process_confirmation_request (estream_t msg)
     }
   address = value;
   /* FIXME: Check that the "address" matches the User ID we want to
-   * publish.  */
+   * publish.  Also get the "fingerprint" and compare that to our to
+   * be published key.  Further we should make sure that we actually
+   * decrypted using that fingerprint (which is a bit problematic if
+   * --read is used). */
 
   /* Get the sender.  */
   if (!((item = nvc_lookup (nvc, "sender:")) && (value = nve_value (item))
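Review bot: The expanded FIXME records three checks that are still missing in process_confirmation_request: that the "address" matches the user ID to be published, that the "fingerprint" matches our key, and that decryption actually used that key. In the visible lines the code goes straight on to the sender lookup. As far as this hunk shows, a confirmation request is therefore processed without being tied to the key the user asked to publish, so it would be worth tracking this as a required follow-up rather than leaving it as a comment. A small wording fix would also help: `compare that to the key we intend to publish` instead of "our to be published key". The function body starts and ends outside this hunk, so later checks may exist that are not visible here.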
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index f15085f..e872824 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -506,6 +506,75 @@ list_key (server_ctx_t ctx, estream_t key)
 }
 
 
+/* Take the key in KEYFILE and write it to OUTFILE in binary encoding.
+ * If ADDRSPEC is given only matching user IDs are included in the
+ * output.  */
+static gpg_error_t
+copy_key_as_binary (const char *keyfile, const char *outfile,
+                    const char *addrspec)
+{
+  gpg_error_t err;
+  ccparray_t ccp;
+  const char **argv;
+  char *filterexp = NULL;
+
+  if (addrspec)
+    {
+      filterexp = es_bsprintf ("keep-uid=mbox = %s", addrspec);
+      if (!filterexp)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("error allocating memory buffer: %s\n",
+                     gpg_strerror (err));
+          goto leave;
+        }
+    }
+
+  ccparray_init (&ccp, 0);
+
+  ccparray_put (&ccp, "--no-options");
+  if (!opt.verbose)
+    ccparray_put (&ccp, "--quiet");
+  else if (opt.verbose > 1)
+    ccparray_put (&ccp, "--verbose");
+  ccparray_put (&ccp, "--batch");
+  ccparray_put (&ccp, "--yes");
+  ccparray_put (&ccp, "--always-trust");
+  ccparray_put (&ccp, "--no-keyring");
+  ccparray_put (&ccp, "--output");
+  ccparray_put (&ccp, outfile);
+  ccparray_put (&ccp, "--import-options=import-export");
+  if (filterexp)
+    {
+      ccparray_put (&ccp, "--import-filter");
+      ccparray_put (&ccp, filterexp);
+    }
+  ccparray_put (&ccp, "--import");
+  ccparray_put (&ccp, "--");
+  ccparray_put (&ccp, keyfile);
+
+  ccparray_put (&ccp, NULL);
+  argv = ccparray_get (&ccp, NULL);
+  if (!argv)
+    {
+      err = gpg_error_from_syserror ();
+      goto leave;
+    }
+  err = gnupg_exec_tool_stream (opt.gpg_program, argv, NULL,
+                                NULL, NULL, NULL, NULL);
+  if (err)
+    {
+      log_error ("%s failed: %s\n", __func__, gpg_strerror (err));
+      goto leave;
+    }
+
+ leave:
+  xfree (filterexp);
+  xfree (argv);
+  return err;
+}
+
+
 /* Take the key in KEYFILE and write it to DANEFILE using the DANE
  * output format. */
 static gpg_error_t
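Review bot: In copy_key_as_binary, `argv` is declared without an initializer, so when `es_bsprintf` fails and control jumps to `leave`, `xfree (argv)` runs on an indeterminate pointer. Declaring it as `const char **argv = NULL;` fixes that path. Separately, ADDRSPEC is formatted unescaped into the filter expression `keep-uid=mbox = %s`. If the caller does not guarantee a validated addr-spec, characters meaningful to the filter syntax could change which user IDs are kept. The header comment should state that precondition, or the function should reject anything that is not a plain mailbox before building the expression.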
@@ -1091,10 +1160,11 @@ check_and_publish (server_ctx_t ctx, const char *address, const char *nonce)
     }
 
   /* Publish.  */
-  if (rename (fname, fnewname))
+  err = copy_key_as_binary (fname, fnewname, address);
+  if (err)
     {
       err = gpg_error_from_syserror ();
-      log_error ("renaming '%s' to '%s' failed: %s\n",
+      log_error ("copying '%s' to '%s' failed: %s\n",
                  fname, fnewname, gpg_strerror (err));
       goto leave;
     }
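Review bot: The error path in check_and_publish still executes `err = gpg_error_from_syserror ();`, which replaces the error returned by `copy_key_as_binary` with whatever errno holds. That call made sense for `rename`, but here the failure comes from a helper that runs a child process, so errno may be stale or unrelated. Dropping that line keeps the real error code for the `log_error` call and for the caller. Note also that `rename` removed the source file and replaced the target in one step, while the copy leaves `fname` in place and lets gpg write `fnewname` directly. Whether the pending file is removed later and whether a partially written target can be served is not visible here, since the function continues outside this hunk, and should be confirmed.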

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


