tags patch thanks Please review the attached patches fixing the two issues mentioned in this thread:
* Remove revoked uids from keys before processing
* Refuse to sign a revoked primary key

Thanks!

-- Jerome
From a78ebe82bd16f228f1649790f03e0f91e66cbf2c Mon Sep 17 00:00:00 2001
From: Jerome Charaoui <jer...@riseup.net>
Date: Tue, 19 Jul 2016 16:38:47 -0400
Subject: [PATCH 2/2] Refuse to sign a revoked primary key.
---
 monkeysign/ui.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index 6b34eb9..1289bcd 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -292,6 +292,9 @@ work.
 self.log(_('found %d keys matching your request') % len(keys))
 for key in keys:
+ if keys[key].trust == 'r':
+ self.log(_('not signing revoked key %s') % keys[key].keyid())
+ continue
 alluids = self.yes_no(_("""\
 Signing the following key
-- 
2.8.1
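Review bot: The revoked-key skip is reported only through `self.log`, so if that is the verbose/debug channel, a user who asked to sign a revoked key sees the run finish with no explanation. A user-visible message would be safer, e.g. `self.warn(_('not signing revoked key %s') % keys[key].keyid())`, assuming the UI class has a warning method, as the docstring fragment in the other ui.py hunk header suggests. The test also matches only `'r'`; if `trust` holds GnuPG's validity letter, expired or disabled keys still reach the signing prompt, and a comment saying whether that is intended would help. The `for key in keys:` loop continues outside the hunk.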
From a94a87e8a99b95b158dc4557ab74118d0e4b2072 Mon Sep 17 00:00:00 2001
From: Jerome Charaoui <jer...@riseup.net>
Date: Tue, 19 Jul 2016 15:12:55 -0400
Subject: [PATCH 1/2] Always delete revoked UIDs (closes #723763)
Finds and deletes all revoked UIDs after finding a public key.
---
 monkeysign/gpg.py | 2 +-
 monkeysign/ui.py | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/monkeysign/gpg.py b/monkeysign/gpg.py
index 456cf3b..1350ed6 100644
--- a/monkeysign/gpg.py
+++ b/monkeysign/gpg.py
@@ -434,7 +434,7 @@ class Keyring():
 # end of copy-paste from sign_key()
 self.context.write(proc.stdin, 'deluid')
 self.context.expect(proc.stderr, 'GOT_IT')
- self.context.expect(proc.stderr, 'GET_BOOL keyedit.remove.uid.okay')
+ self.context.expect(proc.stderr, r'GET_LINE keyedit.prompt|GET_BOOL keyedit.remove.uid.okay')
 self.context.write(proc.stdin, 'y')
 self.context.expect(proc.stderr, 'GOT_IT')
 self.context.expect(proc.stderr, 'GET_LINE keyedit.prompt')
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index c9b6a30..6b34eb9 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -243,6 +243,19 @@ this should not interrupt the flow of the program, but must be visible to the us
 if not self.tmpkeyring.fetch_keys(self.pattern):
 self.abort(_('could not find key %s in your keyring or keyservers') % self.pattern)
+ """we should never sign a revoked UID"""
+ self.del_revoked_uids()
+
+ def del_revoked_uids(self):
+ """this will remove all revoked UIDs"""
+ for fpr, key in self.tmpkeyring.get_keys().iteritems():
+ todelete = []
+ for uid in key.uids.values():
+ if uid.trust == 'r':
+ todelete.append(uid.uid)
+ for uid in todelete:
+ self.tmpkeyring.del_uid(fpr, uid)
+
 def copy_secrets(self):
 """import secret keys (but only the public part) from your keyring
-- 
2.8.1
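Review bot: After the widened `expect` in the gpg.py hunk, `y` is still written unconditionally, so when gpg returns straight to `keyedit.prompt` (presumably without asking for confirmation) the code sends `y` as a keyedit command and carries on as if the uid had been removed. The caller depends on this method to keep revoked UIDs out of the keyring that gets signed, so the two prompts should be told apart: answer `y` only after `GET_BOOL keyedit.remove.uid.okay`, and treat a bare `GET_LINE keyedit.prompt` as "nothing deleted" and report failure. At minimum a comment such as `# gpg may return to the prompt without confirming; the uid may not have been removed` should mark the ambiguity. The method starts and ends outside the hunk, so how its result is computed is not visible here.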
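Review bot: In the ui.py hunk, `del_revoked_uids` ignores the result of `self.tmpkeyring.del_uid(fpr, uid)`, so a failed deletion leaves the revoked UID in the temporary keyring and nothing stops it from being signed later. If `del_uid` reports success (its return is not visible on this page), the call should be checked and the run stopped, e.g. `if not self.tmpkeyring.del_uid(fpr, uid): self.abort(_('could not remove revoked uid %s') % uid)`. The bare string `"""we should never sign a revoked UID"""` before the call is an expression statement rather than a comment; `# never sign a revoked UID` would be the usual form. The method that makes the call begins above the hunk.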