[Pkg-gnupg-commit] [gnupg2] 95/116: gpg: New export and import options "backup" and "restore".

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 24 04:40:58 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 953d4ec6afd1b42feb7465ee57e48d72f033019a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jan 23 10:12:18 2017 +0100

    gpg: New export and import options "backup" and "restore".
    
    * g10/export.c (parse_export_options): Add "backup" and its alias
    "export-backup".
    (do_export_one_keyblock): Export ring trust packets in backup mode.
    * g10/import.c (parse_import_options): Add "restore" and its alias
    "import-restore".
    (read_block): Import ring trust packets.
    --
    
    These options are intended to, well, back up and restore keys between
    GnuPG implementations.  These options may eventually be enhanced to
    back up and restore all public key related information.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 doc/gpg.texi  | 13 +++++++++++++
 g10/export.c  | 21 ++++++++++++++++++---
 g10/import.c  | 21 +++++++++++++++++++--
 g10/options.h |  2 ++
 4 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 044ba37..8e1a5e6 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2283,6 +2283,12 @@ opposite meaning. The options are:
   the most recent self-signature on each user ID. This option is the
   same as running the @option{--edit-key} command "minimize" after import.
   Defaults to no.
+
+  @item restore
+  @itemx import-restore
+  Import in key restore mode.  This imports all data which is usually
+  skipped during import; including all GnuPG specific data.  All other
+  contradicting options are overridden.
 @end table
 
 @item --import-filter @code{@var{name}=@var{expr}}
@@ -2393,6 +2399,13 @@ opposite meaning. The options are:
   @c when the exported subkey is to be used on an unattended machine where
   @c a passphrase doesn't necessarily make sense. Defaults to no.
 
+  @item backup
+  @itemx export-backup
+  Export for use as a backup.  The exported data includes all data
+  which is needed to restore the key or keys later with GnuPG.  The
+  format is basically the OpenPGP format but enhanced with GnuPG
+  specific data.  All other contradicting options are overridden.
+
   @item export-clean
   Compact (remove all signatures from) user IDs on the key being
   exported if the user IDs are not usable. Also, do not export any
diff --git a/g10/export.c b/g10/export.c
index b36200a..f354ca0 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -116,6 +116,10 @@ parse_export_options(char *str,unsigned int *options,int noisy)
       {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
       {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
 
+      {"backup", EXPORT_BACKUP, NULL,
+       N_("use the GnuPG key backup format")},
+      {"export-backup", EXPORT_BACKUP, NULL, NULL },
+
       /* Aliases for backward compatibility */
       {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL,NULL},
       {"include-attributes",EXPORT_ATTRIBUTES,NULL,NULL},
@@ -127,8 +131,18 @@ parse_export_options(char *str,unsigned int *options,int noisy)
       {NULL,0,NULL,NULL}
       /* add tags for include revoked and disabled? */
     };
+  int rc;
 
-  return parse_options(str,options,export_opts,noisy);
+  rc = parse_options (str, options, export_opts, noisy);
+  if (rc && (*options & EXPORT_BACKUP))
+    {
+      /* Alter other options we want or don't want for restore.  */
+      *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
+                   | EXPORT_SENSITIVE_REVKEYS);
+      *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
+                    | EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
+    }
+  return rc;
 }
 
 
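Review bot: The forced flags are applied at parse time and never undone: once `backup` has been parsed, `EXPORT_LOCAL_SIGS`, `EXPORT_ATTRIBUTES` and `EXPORT_SENSITIVE_REVKEYS` stay set in `*options` even if a later option string clears `EXPORT_BACKUP` (this assumes the parser runs once per option occurrence, which the hunk does not show). An export that no longer has `backup` set would then still include local signatures and sensitive revoker data the user did not ask for; computing the effective flags where they are consumed, or stating the stickiness in doc/gpg.texi, avoids that. The `parse_import_options` hunk in g10/import.c has the same pattern with `IMPORT_LOCAL_SIGS` and `IMPORT_KEEP_OWNERTTRUST`. The comment also says "restore" on the export path; `/* Alter other options we want or don't want for backup.  */` matches the code. The function starts outside this hunk.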
@@ -1535,8 +1549,9 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
       if (node->pkt->pkttype == PKT_COMMENT)
         continue;
 
-      /* Make sure that ring_trust packets never get exported. */
-      if (node->pkt->pkttype == PKT_RING_TRUST)
+      /* Make sure that ring_trust packets are only exported in backup
+       * mode. */
+      if (node->pkt->pkttype == PKT_RING_TRUST && !(options & EXPORT_BACKUP))
         continue;
 
       /* If exact is set, then we only export what was requested
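Review bot: The rewritten comment drops the reason these packets were held back: RFC 4880 section 5.10 says trust packets should not be emitted to streams transferred to other users, and `options` here is whatever the caller passed in. If this function is also reached from code that sends keys off the machine (callers are not visible in this hunk), a stray `EXPORT_BACKUP` bit would let local trust data leave with the key, so those callers should mask the bit before calling. I would extend the comment to `/* Ring trust packets are local data; emit them only in backup mode, never to a stream meant for other parties. */`. The loop body continues outside the hunk.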
diff --git a/g10/import.c b/g10/import.c
index 1ed11bf..b6c04dc 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -175,6 +175,10 @@ parse_import_options(char *str,unsigned int *options,int noisy)
       {"import-export", IMPORT_EXPORT, NULL,
        N_("run import filters and export key immediately")},
 
+      {"restore", IMPORT_RESTORE, NULL,
+       N_("assume the GnuPG key backup format")},
+      {"import-restore", IMPORT_RESTORE, NULL, NULL},
+
       /* Aliases for backward compatibility */
       {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
       {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@@ -186,8 +190,18 @@ parse_import_options(char *str,unsigned int *options,int noisy)
                                             the new design.  */
       {NULL,0,NULL,NULL}
     };
+  int rc;
 
-  return parse_options(str,options,import_opts,noisy);
+  rc = parse_options (str, options, import_opts, noisy);
+  if (rc && (*options & IMPORT_RESTORE))
+    {
+      /* Alter other options we want or don't want for restore.  */
+      *options |= (IMPORT_LOCAL_SIGS | IMPORT_KEEP_OWNERTTRUST);
+      *options &= ~(IMPORT_MINIMAL | IMPORT_CLEAN
+                    | IMPORT_REPAIR_PKS_SUBKEY_BUG
+                    | IMPORT_MERGE_ONLY);
+    }
+  return rc;
 }
 
 
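Review bot: Restore mode clears `IMPORT_MERGE_ONLY` and sets `IMPORT_LOCAL_SIGS | IMPORT_KEEP_OWNERTTRUST` without saying what that assumes about the input. These settings only make sense for a file the user wrote with `backup`; the comment should say so, for example `/* The input is assumed to be our own backup: accept local signatures and keep ownertrust, and drop options that would filter or repair it.  */`. The function starts outside this hunk.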
@@ -833,7 +847,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
 	    break;
 
           case PKT_RING_TRUST:
-            /* Skip those packets.  */
+            /* Skip those packets unless we are in restore mode.  */
+            if ((opt.import_options & IMPORT_RESTORE))
+              goto x_default;
 	    free_packet( pkt );
 	    init_packet(pkt);
             break;
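Review bot: The new test reads the global `opt.import_options` rather than a per-call value, and `read_block` takes no options argument, so every import that goes through this function honours `restore`, whatever option set its caller was given. If `read_block` also parses data fetched from a network source with its own import options (not visible here), `restore` set for a local restore would send ring trust packets from that data down the `x_default` path as well. Passing the caller's options into `read_block` and testing those, e.g. `if ((options & IMPORT_RESTORE))`, keeps the decision with the caller. The `x_default:` label this jumps to is added in the next hunk, below the `in_cert = 1` fall-through, so the packet is kept only when a certificate is already open; a one-line comment at the label saying that would help.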
@@ -848,6 +864,7 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
               }
 	    in_cert = 1;
 	  default:
+          x_default:
 	    if (in_cert && valid_keyblock_packet (pkt->pkttype))
               {
 		if (!root )
diff --git a/g10/options.h b/g10/options.h
index 589b68e..88a8f32 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -349,6 +349,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define IMPORT_NO_SECKEY                 (1<<7)
 #define IMPORT_KEEP_OWNERTTRUST          (1<<8)
 #define IMPORT_EXPORT                    (1<<9)
+#define IMPORT_RESTORE                   (1<<10)
 
 #define EXPORT_LOCAL_SIGS                (1<<0)
 #define EXPORT_ATTRIBUTES                (1<<1)
@@ -358,6 +359,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define EXPORT_CLEAN                     (1<<5)
 #define EXPORT_PKA_FORMAT                (1<<6)
 #define EXPORT_DANE_FORMAT               (1<<7)
+#define EXPORT_BACKUP                    (1<<10)
 
 #define LIST_SHOW_PHOTOS                 (1<<0)
 #define LIST_SHOW_POLICY_URLS            (1<<1)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


