X-Git-Url: https://git.sthu.org/?a=blobdiff_plain;f=caff%2Fpgp-fixkey;h=903b97b55c0eed850ab5bba70e1a5d2604bc371a;hb=adc4d76614a11e684f0a0b43270f87366766cab8;hp=ca00698cda2c8a22aa1a07fa32d48f8bc9f2cc15;hpb=4717f00e481e8f8d1acf51d35dc9afdaf6012b71;p=pgp-tools.git diff --git a/caff/pgp-fixkey b/caff/pgp-fixkey index ca00698..903b97b 100755 --- a/caff/pgp-fixkey +++ b/caff/pgp-fixkey @@ -33,22 +33,21 @@ =head1 NAME -pgp-clean -- remove all non-self signatures from key +pgp-fixkey -- remove broken packets from keys =head1 SYNOPSIS =over -=item B I [I ...] +=item B [I [I ...]] =back =head1 DESCRIPTION -B takes a list of keyids on the command line and outputs an -ascii-armored keyring on stdout for each key with all signatures except -self-signatures stripped. Its use is to reduce the size of keys sent out after -signing (e.g. with B). +B removes broken packets from keys in the GnuPG keyring that make +GnuPG spew ugly warnings. It optionally takes a list of keyids on the command +line and only cleans those keys. =head1 OPTIONS @@ -76,8 +75,6 @@ caff(1), gpg(1). Peter Palfrader -This manpage was written in POD by Christoph Berg . - =cut use strict; @@ -102,7 +99,7 @@ sub info($) { }; sub debug($) { my ($line) = @_; - print STDERR "[DEBUG] $line\n"; + #print STDERR "[DEBUG] $line\n"; }; sub trace($) { my ($line) = @_; @@ -230,12 +227,11 @@ my $KEYEDIT_DELSUBKEY_PROMPT = '^\[GNUPG:\] GET_BOOL keyedit.remove.subkey'; sub usage() { - print STDERR "pgp-clean $VERSION - (c) 2004, 2005 Peter Palfrader\n"; - print STDERR "Usage: $PROGRAM_NAME [ ...]\n"; + print STDERR "pgp-fixkey $VERSION - (c) 2004, 2005 Peter Palfrader\n"; + print STDERR "Usage: $PROGRAM_NAME [ [ ...]]\n"; exit 1; }; -usage() unless scalar @ARGV >= 1; my @KEYIDS; for my $keyid (@ARGV) { $keyid =~ s/^0x//i; @@ -246,10 +242,36 @@ for my $keyid (@ARGV) { push @KEYIDS, uc($keyid); }; +# find a list of all interesting keys. +if (scalar @KEYIDS == 0) { + my $gpg = GnuPG::Interface->new(); + $gpg->options->meta_interactive( 0 ); + my ($inputfd, $stdoutfd, $stderrfd, $statusfd, $handles) = make_gpg_fds(); + $gpg->options->hash_init( 'extra_args' => [ '--with-colons', '--fast-list-mode', '--fixed-list-mode' ] ); + my $pid = $gpg->list_sigs(handles => $handles); + my ($stdout, $stderr, $status) = readwrite_gpg('', $inputfd, $stdoutfd, $stderrfd, $statusfd); + waitpid $pid, 0; + if ($stdout eq '') { + die ("No data from gpg for list-sigs\n"); + }; + + my $thiskey = undef; + for my $line (split /\n/, $stdout) { + debug("Checking line $line"); + my ($type, undef, undef, undef, $keyid, $created, undef, undef, undef, undef) = split /:/, $line; + if ($type eq 'pub') { + $thiskey = $keyid; + debug("Found key $thiskey"); + } elsif ($type eq 'sig' || $type eq 'rev') { + if (($keyid eq '0' x 16) && ($created == 0)) { + push @KEYIDS, $thiskey if defined $thiskey; + info("Adding $thiskey"); + $thiskey = undef; + }; + }; + }; +} -################## -# export and prune -################## KEYS: for my $keyid (@KEYIDS) { # get key listing @@ -267,7 +289,7 @@ for my $keyid (@KEYIDS) { }; my $keyinfo = $stdout; my @publine = grep { /^pub/ } (split /\n/, $stdout); - my ($dummy1, $dummy2, $dummy3, $dummy4, $longkeyid, $dummy6, $dummy7, $dummy8, $dummy9, $dummy10, $dummy11, $flags) = split /:/, pop @publine; + my (undef, undef, undef, undef, $longkeyid, undef, undef, undef, undef, undef, undef, $flags) = split /:/, pop @publine; my $can_encrypt = $flags =~ /E/; unless (defined $longkeyid) { warn ("Didn't find public keyid in edit dialog of key $keyid.\n"); @@ -304,7 +326,7 @@ for my $keyid (@KEYIDS) { debug("Parsing stdout output."); for my $line (split /\n/, $stdout) { debug("Checking line $line"); - my ($type, $dummy2, $dummy3, $dummy4, $dummy5, $dummy6, $dummy7, $dummy8, $dummy9, $uidtext) = split /:/, $line; + my ($type, undef, undef, undef, undef, undef, undef, undef, undef, $uidtext) = split /:/, $line; if ($type eq 'sub') { $number_of_subkeys++; }; @@ -330,8 +352,8 @@ for my $keyid (@KEYIDS) { my $answer = "no"; if (defined $line) { # only if we found a sig here - we never remove revocation packets for instance debug("[sigremoval] doing line $line."); - my ($dummy1, $dummy2, $dummy3, $dummy4, $signer, $created, $dummy7, $dummy8, $dummy9) = split /:/, $line; - if ($signer eq ('-1' x 16)) { + my (undef, undef, undef, undef, $signer, $created, undef, undef, undef) = split /:/, $line; + if ($signer eq ('0' x 16)) { debug("[sigremoval] not interested in that sig ($signer)."); $answer = "yes"; };