* options.h, export.c (parse_export_options, do_export_stream): Add
authorDavid Shaw <dshaw@jabberwocky.com>
Thu, 25 Nov 2004 03:58:42 +0000 (03:58 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Thu, 25 Nov 2004 03:58:42 +0000 (03:58 +0000)
"export-minimal" option to disregard any sigs except selfsigs.

g10/ChangeLog
g10/export.c
g10/options.h

index c956840..3e5681a 100644 (file)
@@ -1,5 +1,8 @@
 2004-11-24  David Shaw  <dshaw@jabberwocky.com>
 
+       * options.h, export.c (parse_export_options, do_export_stream):
+       Add "export-minimal" option to disregard any sigs except selfsigs.
+
        * trustdb.c (uid_trust_string_fixed): Use a string that can be
        atoi-ed, but also has a comment for the translator.
 
index 3731dab..40e5b44 100644 (file)
@@ -48,6 +48,7 @@ parse_export_options(char *str,unsigned int *options,int noisy)
       {"include-local-sigs",EXPORT_INCLUDE_LOCAL_SIGS,NULL},
       {"include-attributes",EXPORT_INCLUDE_ATTRIBUTES,NULL},
       {"include-sensitive-revkeys",EXPORT_INCLUDE_SENSITIVE_REVKEYS,NULL},
+      {"export-minimal",EXPORT_MINIMAL,NULL},
       {NULL,0,NULL}
       /* add tags for include revoked and disabled? */
     };
@@ -140,6 +141,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
     KEYDB_SEARCH_DESC *desc = NULL;
     KEYDB_HANDLE kdbhd;
     STRLIST sl;
+    u32 pk_keyid[2];
 
     *any = 0;
     init_packet( &pkt );
@@ -193,8 +195,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
            goto leave;
        }
 
-       node=find_kbnode( keyblock, PKT_SECRET_KEY );
-       if(node)
+       if((node=find_kbnode(keyblock,PKT_SECRET_KEY)))
          {
            PKT_secret_key *sk=node->pkt->pkt.secret_key;
 
@@ -216,6 +217,9 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
                continue;
              }
          }
+       else if((options&EXPORT_MINIMAL)
+               && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
+         keyid_from_pk(node->pkt->pkt.public_key,pk_keyid);
 
        /* and write it */
        for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
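Review bot: `pk_keyid` is filled in only on this `else` branch, so when the keyblock has a `PKT_SECRET_KEY` node, or no `PKT_PUBLIC_KEY` node is found, the selfsig filter added further down in `do_export_stream` compares against an array that was never set for this keyblock. The array is declared as `u32 pk_keyid[2];` with no initialiser, so it is either indeterminate or still holds the keyid of the previous keyblock in the loop. With export-minimal set, that can drop genuine selfsigs from the exported key or, in the stale case, let through certifications issued by the previously exported key, which is the data the option is meant to strip. Setting the keyid on both paths would close this, e.g. `keyid_from_sk(sk,pk_keyid);` inside the secret-key branch, or skipping the filter unless the keyid was set for the current keyblock. The secret-key branch and the enclosing loop lie partly outside the visible hunks, so confirm whether signature packets can reach the filter on that path.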
@@ -301,28 +305,40 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
                  continue;
              }
 
-           if( node->pkt->pkttype == PKT_SIGNATURE ) {
-             /* do not export packets which are marked as not exportable */
-             if( !(options&EXPORT_INCLUDE_LOCAL_SIGS) &&
-                 !node->pkt->pkt.signature->flags.exportable )
-               continue; /* not exportable */
-
-             /* Do not export packets with a "sensitive" revocation
-                 key unless the user wants us to.  Note that we do
-                 export these when issuing the actual revocation (see
-                 revoke.c). */
-             if( !(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) &&
-                 node->pkt->pkt.signature->revkey ) {
-               int i;
-
-               for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
-                 if(node->pkt->pkt.signature->revkey[i]->class & 0x40)
-                   break;
-
-               if(i<node->pkt->pkt.signature->numrevkeys)
+           if( node->pkt->pkttype == PKT_SIGNATURE )
+             {
+               /* If we have minimal-export turned on, do not include
+                  any signature that isn't a selfsig.  Note that this
+                  only applies to uid sigs (0x10, 0x11, 0x12, and
+                  0x13).  A designated revocation is not stripped. */
+               if((options&EXPORT_MINIMAL)
+                  && IS_UID_SIG(node->pkt->pkt.signature)
+                  && (node->pkt->pkt.signature->keyid[0]!=pk_keyid[0]
+                      || node->pkt->pkt.signature->keyid[1]!=pk_keyid[1]))
                  continue;
+
+               /* do not export packets which are marked as not exportable */
+               if(!(options&EXPORT_INCLUDE_LOCAL_SIGS)
+                  && !node->pkt->pkt.signature->flags.exportable)
+                 continue; /* not exportable */
+
+               /* Do not export packets with a "sensitive" revocation
+                  key unless the user wants us to.  Note that we do
+                  export these when issuing the actual revocation
+                  (see revoke.c). */
+               if(!(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS)
+                  && node->pkt->pkt.signature->revkey)
+                 {
+                   int i;
+
+                   for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
+                     if(node->pkt->pkt.signature->revkey[i]->class & 0x40)
+                       break;
+
+                   if(i<node->pkt->pkt.signature->numrevkeys)
+                     continue;
+                 }
              }
-           }
 
            /* Don't export attribs? */
            if( !(options&EXPORT_INCLUDE_ATTRIBUTES) &&
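Review bot: The new filter treats a uid signature as a selfsig purely because its issuer keyid equals `pk_keyid`; nothing in this block checks that the signature verifies, and the comment should say so. I would extend it with something like `/* Selfsigs are recognised by issuer keyid only; the signature is not verified here. */`. The comment could also state that only classes 0x10-0x13 are filtered, so other third-party signature types still appear in a "minimal" export. It names designated revocations, but certification revocations would presumably be kept as well. The enclosing loop in `do_export_stream` starts and ends outside this hunk.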
index 66dfb80..7f71a70 100644 (file)
@@ -241,7 +241,9 @@ struct {
 #define PGP7    (opt.compliance==CO_PGP7)
 #define PGP8    (opt.compliance==CO_PGP8)
 
-/* Various option flags */
+/* Various option flags.  Note that there should be no common string
+   names between the IMPORT_ and EXPORT_ flags as they can be mixed in
+   the keyserver-options option. */
 
 #define IMPORT_ALLOW_LOCAL_SIGS          (1<<0)
 #define IMPORT_REPAIR_PKS_SUBKEY_BUG     (1<<1)
@@ -252,6 +254,7 @@ struct {
 #define EXPORT_INCLUDE_LOCAL_SIGS        (1<<0)
 #define EXPORT_INCLUDE_ATTRIBUTES        (1<<1)
 #define EXPORT_INCLUDE_SENSITIVE_REVKEYS (1<<2)
+#define EXPORT_MINIMAL                   (1<<3)
 
 #define LIST_SHOW_PHOTOS                 (1<<0)
 #define LIST_SHOW_POLICY_URLS            (1<<1)