From 0e5426124262e4986d0741744a34d7566fbc61c3 Mon Sep 17 00:00:00 2001
From: David Runge
Date: Sun, 17 Oct 2021 00:21:08 +0200
Subject: [PATCH] keyringctl: Do not persist unbound certifications

keyringctl: Change `persist_certifications()` to not attempt to read UID binding signatures for a given UID, if it does not exist and instead output an error message.
---
 keyringctl | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/keyringctl b/keyringctl
index 8d70516..321a3e0 100755
--- a/keyringctl
+++ b/keyringctl
@@ -25,7 +25,7 @@ from tempfile import TemporaryDirectory
 from tempfile import mkdtemp
 from logging import basicConfig
-from logging import debug
+from logging import debug, error
 from logging import DEBUG
 from typing import Dict
@@ -537,10 +537,16 @@ def persist_certifications(
 certification_dir.mkdir(parents=True, exist_ok=True)
 issuer = packet_dump_field(certification, 'Issuer')
- packets = [pubkey, uids[key], uid_binding_sig[key], certification]
- output_file = certification_dir / f'{issuer}.asc'
- debug(f'Writing file {output_file} from {certification}')
- packet_join(packets, output_file)
+ if uids.get(key) and uid_binding_sig.get(key):
+ packets = [pubkey, uids[key], uid_binding_sig[key], certification]
+ output_file = certification_dir / f'{issuer}.asc'
+ debug(f'Writing file {output_file} from {certification}')
+ packet_join(packets, output_file)
+ else:
+ error(
+ f"Public key '{pubkey}' does not provide "
+ f"{'the UID binding signature' if not uid_binding_sig.get(key) else ''} for UID '{key}', "
+ "so its certifications can not be used!")
 def persist_revocations(
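Review bot: The error message in the new `else` branch of `persist_certifications()` turns empty in the middle when the UID packet is the missing piece: the conditional yields `''` whenever `uid_binding_sig.get(key)` is truthy, so the log reads "does not provide  for UID ...". Name the missing packet explicitly, e.g. `missing = 'the UID packet' if not uids.get(key) else 'the UID binding signature'`, and interpolate `{missing}` in the message. The skip is also only logged, so as far as the hunk shows a caller cannot tell that certifications were dropped; since this branch decides which certifications reach the keyring, consider collecting the skipped ones and surfacing them (return value or non-zero exit) so that a run with dropped certifications can be audited or made to fail. The check is also presence-only: it does not show that the binding signature is valid for that UID, which presumably is verified elsewhere and would be worth a one-line comment here. The function starts and continues outside the hunk.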