keyringctl: Do not persist unbound certifications
keyringctl: Change `persist_certifications()` to not attempt to read UID binding signatures for a given UID, if it does not exist and instead output an error message.
This commit is contained in:
parent
8ec1654e0c
commit
0e54261242
@ -25,7 +25,7 @@ from tempfile import TemporaryDirectory
|
|||||||
from tempfile import mkdtemp
|
from tempfile import mkdtemp
|
||||||
|
|
||||||
from logging import basicConfig
|
from logging import basicConfig
|
||||||
from logging import debug
|
from logging import debug, error
|
||||||
from logging import DEBUG
|
from logging import DEBUG
|
||||||
|
|
||||||
from typing import Dict
|
from typing import Dict
|
||||||
@ -537,10 +537,16 @@ def persist_certifications(
|
|||||||
certification_dir.mkdir(parents=True, exist_ok=True)
|
certification_dir.mkdir(parents=True, exist_ok=True)
|
||||||
issuer = packet_dump_field(certification, 'Issuer')
|
issuer = packet_dump_field(certification, 'Issuer')
|
||||||
|
|
||||||
|
if uids.get(key) and uid_binding_sig.get(key):
|
||||||
packets = [pubkey, uids[key], uid_binding_sig[key], certification]
|
packets = [pubkey, uids[key], uid_binding_sig[key], certification]
|
||||||
output_file = certification_dir / f'{issuer}.asc'
|
output_file = certification_dir / f'{issuer}.asc'
|
||||||
debug(f'Writing file {output_file} from {certification}')
|
debug(f'Writing file {output_file} from {certification}')
|
||||||
packet_join(packets, output_file)
|
packet_join(packets, output_file)
|
||||||
|
else:
|
||||||
|
error(
|
||||||
|
f"Public key '{pubkey}' does not provide "
|
||||||
|
f"{'the UID binding signature' if not uid_binding_sig.get(key) else ''} for UID '{key}', "
|
||||||
|
"so its certifications can not be used!")
|
||||||
|
|
||||||
|
|
||||||
def persist_revocations(
|
def persist_revocations(
|
||||||
|
Loading…
Reference in New Issue
Block a user