author | Werner Koch <wk@gnupg.org> | 2024-09-25 14:31:46 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2024-09-25 15:21:30 +0200 |
commit | a0aea092647c1d96ec94e5e524adc855f6466799 (patch) | |
tree | 21bfd0803b0ebf95a76b6f08c70e7987d5004122 /g10/import.c | |
parent | gpg: Remove useless variable in validate_keys. (diff) | |
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
Diffstat (limited to '')
-rw-r--r-- | g10/import.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/g10/import.c b/g10/import.c
index ea3ba2991..65f911f30 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1992,7 +1992,7 @@ import_one_real (ctrl_t ctrl,
 int new_key = 0;
 int mod_key = 0;
 int same_key = 0;
- int non_self = 0;
+ int non_self_or_utk = 0;
 size_t an;
 char pkstrbuf[PUBKEY_STRING_SIZE];
 int merge_keys_done = 0;
@@ -2101,9 +2101,21 @@ import_one_real (ctrl_t ctrl,
 if ((options & IMPORT_REPAIR_KEYS))
 key_check_all_keysigs (ctrl, 1, keyblock, 0, 0);
- if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
+ if (chk_self_sigs (ctrl, keyblock, keyid, &non_self_or_utk))
 return 0; /* Invalid keyblock - error already printed. */
+ /* If the imported key is marked as ultimately trusted key (using
+ * --trusted-key), we set the flag so that we can later set the
+ * revalidation mark. */
+ if (!non_self_or_utk)
+ {
+ /* Make sure the trustdb is initialized so that the UTK list is
+ * available. */
+ init_trustdb (ctrl, 1);
+ if (tdb_keyid_is_utk (keyid))
+ non_self_or_utk = 2;
+ }
+
 /* If we allow such a thing, mark unsigned uids as valid */
 if (opt.allow_non_selfsigned_uid)
 {
@@ -2273,7 +2285,7 @@ import_one_real (ctrl_t ctrl,
 importing and locally exported key. */
 clear_ownertrusts (ctrl, pk);
- if (non_self)
+ if (non_self_or_utk)
 revalidation_mark (ctrl);
 }
@@ -2366,7 +2378,7 @@ import_one_real (ctrl_t ctrl,
 if (err)
 log_error (_("error writing keyring '%s': %s\n"),
 keydb_get_resource_name (hd), gpg_strerror (err));
- else if (non_self)
+ else if (non_self_or_utk)
 revalidation_mark (ctrl);
 /* Release the handle and thus unlock the keyring asap. */ |
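Review bot: The literal `2` stored in `non_self_or_utk` in the second hunk is undocumented, and the two later uses in this commit (`if (non_self_or_utk)` before `revalidation_mark`) only test for non-zero, so a reader cannot tell whether the distinct value is consumed elsewhere or is merely a marker; suggest replacing the bare assignment with `non_self_or_utk = 2;  /* 2: key is a UTK; chk_self_sigs presumably uses 1 for non-self sigs.  */` or, if nothing depends on the distinction, assigning 1 like the other path. Also, the result of `init_trustdb (ctrl, 1)` is discarded; its return type is not visible here, but if it can report failure, a missing or unreadable trustdb would make `tdb_keyid_is_utk` silently answer "no" and the import would skip the revalidation mark, which is exactly the case this commit is meant to fix, so logging that failure would make the degradation visible. The meaning of the second argument `1` to `init_trustdb` is likewise not evident from the hunk and deserves a short comment. The enclosing function `import_one_real` starts and ends outside these hunks.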