keyringctl: Do not persist unbound certifications

keyringctl:
Change `persist_certifications()` to not attempt to read UID binding
signatures for a given UID if it does not exist, and instead output an
error message.
David Runge 2021-10-17 00:21:08 +02:00 committed by Levente Polyak
parent 8ec1654e0c
commit 0e54261242
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8


@ -25,7 +25,7 @@ from tempfile import TemporaryDirectory
from tempfile import mkdtemp
from logging import basicConfig
from logging import debug
from logging import debug, error
from logging import DEBUG
from typing import Dict
@ -537,10 +537,16 @@ def persist_certifications(
certification_dir.mkdir(parents=True, exist_ok=True)
issuer = packet_dump_field(certification, 'Issuer')
if uids.get(key) and uid_binding_sig.get(key):
packets = [pubkey, uids[key], uid_binding_sig[key], certification]
output_file = certification_dir / f'{issuer}.asc'
debug(f'Writing file {output_file} from {certification}')
packet_join(packets, output_file)
else:
error(
f"Public key '{pubkey}' does not provide "
f"{'the UID binding signature' if not uid_binding_sig.get(key) else ''} for UID '{key}', "
"so its certifications can not be used!")
def persist_revocations(
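Review bot: The error message in the new `else` branch reads "does not provide  for UID ..." whenever the binding signature is present but `uids.get(key)` is empty, because the conditional expression falls back to `''`. Naming the missing packet in both cases fixes that, e.g. `missing = 'the UID packet' if not uids.get(key) else 'the UID binding signature'` followed by `f"Public key '{pubkey}' does not provide {missing} for UID '{key}', "`. The branch only logs, so a caller of `persist_certifications()` apparently gets no signal that certifications were dropped from the keyring output; the function's start and its return are outside the hunk, so confirm how a skipped certification is reported to the caller. `certification_dir.mkdir(parents=True, exist_ok=True)` also appears to run before the check, which would leave an empty directory behind for an unbound UID.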