keyringctl: Do not persist unbound certifications

keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID, if it does not exist and instead output an
error message.
This commit is contained in:
David Runge 2021-10-17 00:21:08 +02:00 committed by Levente Polyak
parent 8ec1654e0c
commit 0e54261242
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8

View File

@ -25,7 +25,7 @@ from tempfile import TemporaryDirectory
from tempfile import mkdtemp from tempfile import mkdtemp
from logging import basicConfig from logging import basicConfig
from logging import debug from logging import debug, error
from logging import DEBUG from logging import DEBUG
from typing import Dict from typing import Dict
@ -537,10 +537,16 @@ def persist_certifications(
certification_dir.mkdir(parents=True, exist_ok=True) certification_dir.mkdir(parents=True, exist_ok=True)
issuer = packet_dump_field(certification, 'Issuer') issuer = packet_dump_field(certification, 'Issuer')
if uids.get(key) and uid_binding_sig.get(key):
packets = [pubkey, uids[key], uid_binding_sig[key], certification] packets = [pubkey, uids[key], uid_binding_sig[key], certification]
output_file = certification_dir / f'{issuer}.asc' output_file = certification_dir / f'{issuer}.asc'
debug(f'Writing file {output_file} from {certification}') debug(f'Writing file {output_file} from {certification}')
packet_join(packets, output_file) packet_join(packets, output_file)
else:
error(
f"Public key '{pubkey}' does not provide "
f"{'the UID binding signature' if not uid_binding_sig.get(key) else ''} for UID '{key}', "
"so its certifications can not be used!")
def persist_revocations( def persist_revocations(