keyringctl: Do not persist unbound certifications

keyringctl:
Change `persist_certifications()` so that it no longer attempts to read UID
binding signatures for a given UID if it does not exist, and instead outputs an
error message.
David Runge 2021-10-17 00:21:08 +02:00 committed by Levente Polyak
parent 8ec1654e0c
commit 0e54261242
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8


@ -25,7 +25,7 @@ from tempfile import TemporaryDirectory
from tempfile import mkdtemp from tempfile import mkdtemp
from logging import basicConfig from logging import basicConfig
from logging import debug from logging import debug, error
from logging import DEBUG from logging import DEBUG
from typing import Dict from typing import Dict
@ -537,10 +537,16 @@ def persist_certifications(
certification_dir.mkdir(parents=True, exist_ok=True) certification_dir.mkdir(parents=True, exist_ok=True)
issuer = packet_dump_field(certification, 'Issuer') issuer = packet_dump_field(certification, 'Issuer')
packets = [pubkey, uids[key], uid_binding_sig[key], certification] if uids.get(key) and uid_binding_sig.get(key):
output_file = certification_dir / f'{issuer}.asc' packets = [pubkey, uids[key], uid_binding_sig[key], certification]
debug(f'Writing file {output_file} from {certification}') output_file = certification_dir / f'{issuer}.asc'
packet_join(packets, output_file) debug(f'Writing file {output_file} from {certification}')
packet_join(packets, output_file)
else:
error(
f"Public key '{pubkey}' does not provide "
f"{'the UID binding signature' if not uid_binding_sig.get(key) else ''} for UID '{key}', "
"so its certifications can not be used!")
def persist_revocations( def persist_revocations(
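Review bot: The error text in the new `else` branch names a cause only when the binding signature is missing; if `uids.get(key)` is the falsy one while `uid_binding_sig.get(key)` is set, the conditional expands to an empty string and the log reads "does not provide  for UID ...". Choose the missing piece first, e.g. `missing = 'the User ID packet' if not uids.get(key) else 'the UID binding signature'`, and interpolate `{missing}` into the message. The skipped certification is also only logged, so as far as this hunk shows, a run that dropped certifications finishes like a clean one; because these files feed trust decisions, consider counting the skips and surfacing them to the caller or the exit status. `persist_certifications()` starts outside the hunk, so how the caller handles this is not visible here.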