[Pkg-gnupg-commit] [gnupg2] 52/180: gpg: New option --quick-set-expire.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 24 22:29:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Dec 5 10:58:39 2016 +0100
gpg: New option --quick-set-expire.
* g10/gpg.c (aQuickSetExpire): New.
(opts): New option --quick-set-expire.
(main): Implement option.
* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
NEWEXPIRATION. Change semantics of the return value. Change caller.
(keyedit_quick_set_expire): New.
--
This patch partly solves
GnuPG-bug-id: 2701
---
doc/gpg.texi | 6 +++
g10/export.c | 6 +--
g10/gpg.c | 16 +++++++
g10/keyedit.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++----------
g10/main.h | 2 +
5 files changed, 148 insertions(+), 26 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b01d0a3..9d51dcb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -632,6 +632,12 @@ supplied passphrase is used for the new key and the agent does not ask
for it. To create a key without any protection @code{--passphrase ''}
may be used.
+ at item --quick-set-expire @code{fpr} @code{expire}
+ at opindex quick-set-expire
+Directly set the expiration time of the primary key to @code{expire}.
+To remove the expiration time @code{0} can be used.
+
+
@item --quick-addkey @code{fpr} [@code{algo} [@code{usage} [@code{expire}]]]
@opindex quick-addkey
Directly add a subkey to the key identified by the fingerprint
diff --git a/g10/export.c b/g10/export.c
index 6a5597c..ad42b41 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1144,9 +1144,9 @@ print_status_exported (PKT_public_key *pk)
/*
* Receive a secret key from agent specified by HEXGRIP.
*
- * Since the key data from agant is encrypted, decrypt it by CIPHERHD.
- * Then, parse the decrypted key data in transfer format, and put
- * secret parameters into PK.
+ * Since the key data from the agent is encrypted, decrypt it using
+ * CIPHERHD context. Then, parse the decrypted key data into transfer
+ * format, and put secret parameters into PK.
*
* If CLEARTEXT is 0, store the secret key material
* passphrase-protected. Otherwise, store secret key material in the
diff --git a/g10/gpg.c b/g10/gpg.c
index 7cf51f2..2deb27a 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -123,6 +123,7 @@ enum cmd_and_opt_values
aQuickAddUid,
aQuickAddKey,
aQuickRevUid,
+ aQuickSetExpire,
aListConfig,
aListGcryptConfig,
aGPGConfList,
@@ -448,6 +449,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aQuickAddKey, "quick-addkey", "@"),
ARGPARSE_c (aQuickRevUid, "quick-revuid",
N_("quickly revoke a user-id")),
+ ARGPARSE_c (aQuickSetExpire, "quick-set-expire",
+ N_("quickly set a new expiration date")),
ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
@@ -2549,6 +2552,7 @@ main (int argc, char **argv)
case aQuickAddUid:
case aQuickAddKey:
case aQuickRevUid:
+ case aQuickSetExpire:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
@@ -4384,6 +4388,18 @@ main (int argc, char **argv)
}
break;
+ case aQuickSetExpire:
+ {
+ const char *x_fpr, *x_expire;
+
+ if (argc != 2)
+ wrong_args ("--quick-set-exipre FINGERPRINT EXPIRE");
+ x_fpr = *argv++; argc--;
+ x_expire = *argv++; argc--;
+ keyedit_quick_set_expire (ctrl, x_fpr, x_expire);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST;
case aImport:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 94fa8c4..dadf586 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -69,7 +69,8 @@ static int menu_delsig (KBNODE pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only);
static void menu_delkey (KBNODE pub_keyblock);
static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
-static int menu_expire (KBNODE pub_keyblock);
+static gpg_error_t menu_expire (kbnode_t pub_keyblock,
+ int force_mainkey, u32 newexpiration);
static int menu_changeusage (kbnode_t keyblock);
static int menu_backsign (KBNODE pub_keyblock);
static int menu_set_primary_uid (KBNODE pub_keyblock);
@@ -2599,7 +2600,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
case cmdEXPIRE:
- if (menu_expire (keyblock))
+ if (gpg_err_code (menu_expire (keyblock, 0, 0)) == GPG_ERR_TRUE)
{
merge_keys_and_selfsig (keyblock);
run_subkey_warnings = 1;
@@ -3342,6 +3343,86 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
}
+/* Unattended expiration setting function for the main key.
+ *
+ */
+void
+keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
+{
+ gpg_error_t err;
+ kbnode_t keyblock;
+ KEYDB_HANDLE kdbhd;
+ int modified = 0;
+ PKT_public_key *pk;
+ u32 expire;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale (ctrl);
+#endif
+
+ /* We require a fingerprint because only this uniquely identifies a
+ * key and may thus be used to select a key for unattended
+ * expiration setting. */
+ err = find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd);
+ if (err)
+ goto leave;
+
+ if (fix_keyblock (&keyblock))
+ modified++;
+
+ pk = keyblock->pkt->pkt.public_key;
+ if (pk->flags.revoked)
+ {
+ if (!opt.verbose)
+ show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
+ log_error ("%s%s", _("Key is revoked."), "\n");
+ err = gpg_error (GPG_ERR_CERT_REVOKED);
+ goto leave;
+ }
+
+
+ expire = parse_expire_string (expirestr);
+ if (expire == (u32)-1 )
+ {
+ log_error (_("'%s' is not a valid expiration time\n"), expirestr);
+ err = gpg_error (GPG_ERR_INV_VALUE);
+ goto leave;
+ }
+ if (expire)
+ expire += make_timestamp ();
+
+ /* Set the new expiration date. */
+ err = menu_expire (keyblock, 1, expire);
+ if (gpg_err_code (err) == GPG_ERR_TRUE)
+ modified = 1;
+ else if (err)
+ goto leave;
+ es_fflush (es_stdout);
+
+ /* Store. */
+ if (modified)
+ {
+ err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ if (update_trust)
+ revalidation_mark ();
+ }
+ else
+ log_info (_("Key not changed so no update needed.\n"));
+
+ leave:
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+ if (err)
+ write_status_error ("set_expire", err);
+}
+
+
static void
tty_print_notations (int indent, PKT_signature * sig)
@@ -4736,36 +4817,50 @@ fail:
}
-static int
-menu_expire (KBNODE pub_keyblock)
+/* With FORCE_MAINKEY cleared this function handles the interactive
+ * menu option "expire". With FORCE_MAINKEY set this functions only
+ * sets the expiration date of the primary key to NEWEXPIRATION and
+ * avoid all interactivity. Retirns 0 if nothing was done,
+ * GPG_ERR_TRUE if the key was modified, or any other error code. */
+static gpg_error_t
+menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
{
- int n1, signumber, rc;
+ int signumber, rc;
u32 expiredate;
int mainkey = 0;
PKT_public_key *main_pk, *sub_pk;
PKT_user_id *uid;
- KBNODE node;
+ kbnode_t node;
u32 keyid[2];
- n1 = count_selected_keys (pub_keyblock);
- if (n1 > 1)
+ if (force_mainkey)
{
- if (!cpr_get_answer_is_yes
- ("keyedit.expire_multiple_subkeys.okay",
- _("Are you sure you want to change the"
- " expiration time for multiple subkeys? (y/N) ")))
- return 0;
+ mainkey = 1;
+ expiredate = newexpiration;
}
- else if (n1)
- tty_printf (_("Changing expiration time for a subkey.\n"));
else
{
- tty_printf (_("Changing expiration time for the primary key.\n"));
- mainkey = 1;
- no_primary_warning (pub_keyblock);
+ int n1 = count_selected_keys (pub_keyblock);
+ if (n1 > 1)
+ {
+ if (!cpr_get_answer_is_yes
+ ("keyedit.expire_multiple_subkeys.okay",
+ _("Are you sure you want to change the"
+ " expiration time for multiple subkeys? (y/N) ")))
+ return gpg_error (GPG_ERR_CANCELED);;
+ }
+ else if (n1)
+ tty_printf (_("Changing expiration time for a subkey.\n"));
+ else
+ {
+ tty_printf (_("Changing expiration time for the primary key.\n"));
+ mainkey = 1;
+ no_primary_warning (pub_keyblock);
+ }
+
+ expiredate = ask_expiredate ();
}
- expiredate = ask_expiredate ();
/* Now we can actually change the self-signature(s) */
main_pk = sub_pk = NULL;
@@ -4781,7 +4876,7 @@ menu_expire (KBNODE pub_keyblock)
}
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
- if (node->flag & NODFLG_SELKEY)
+ if ((node->flag & NODFLG_SELKEY) && !force_mainkey)
{
sub_pk = node->pkt->pkt.public_key;
sub_pk->expiredate = expiredate;
@@ -4795,6 +4890,7 @@ menu_expire (KBNODE pub_keyblock)
&& (mainkey || sub_pk))
{
PKT_signature *sig = node->pkt->pkt.signature;
+
if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& ((mainkey && uid
&& uid->created && (sig->sig_class & ~3) == 0x10)
@@ -4812,7 +4908,7 @@ menu_expire (KBNODE pub_keyblock)
{
log_info
(_("You can't change the expiration date of a v3 key\n"));
- return 0;
+ return gpg_error (GPG_ERR_LEGACY_KEY);
}
if (mainkey)
@@ -4827,7 +4923,9 @@ menu_expire (KBNODE pub_keyblock)
{
log_error ("make_keysig_packet failed: %s\n",
gpg_strerror (rc));
- return 0;
+ if (gpg_err_code (rc) == GPG_ERR_TRUE)
+ rc = GPG_ERR_GENERAL;
+ return rc;
}
/* Replace the packet. */
@@ -4843,7 +4941,7 @@ menu_expire (KBNODE pub_keyblock)
}
update_trust = 1;
- return 1;
+ return gpg_error (GPG_ERR_TRUE);
}
diff --git a/g10/main.h b/g10/main.h
index 63aec47..1822ee4 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -295,6 +295,8 @@ void keyedit_quick_revuid (ctrl_t ctrl, const char *username,
const char *uidtorev);
void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,
strlist_t uids, strlist_t locusr, int local);
+void keyedit_quick_set_expire (ctrl_t ctrl,
+ const char *fpr, const char *expirestr);
void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list