correctly detect that key is not trusted before encrypting. Doc says: "gpg just prints a message to the console, but does not provide a specific error indication that the Python wrapper can use." Fixes #8040. See #8041

2015-07-29 22:32:02 +02:00 · 2015-07-29 22:32:02 +02:00 · 9c6752f150
parent 15fce42a60
commit 9c6752f150
2 changed files with 11 additions and 4 deletions
--- a/src/common/gnupg.py
+++ b/src/common/gnupg.py
@ -1094,7 +1094,7 @@ class GPG(object):
                getattr(result, keyword)(L)
        return result

-    def list_keys(self, secret=False):
+    def list_keys(self, secret=False, keys=None):
        """ list the keys currently in the keyring

        >>> import shutil
@ -1116,6 +1116,9 @@ class GPG(object):
            which='secret-keys'
        args = ["--list-%s" % which, "--fixed-list-mode", "--fingerprint",
                "--with-colons"]
+        if keys:
+            for key in keys:
+                args.append(key)
        p = self._open_subprocess(args)
        return self._get_list_output(p, 'list')

--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@ -54,12 +54,16 @@ if HAVE_GPG:
                for key in recipients:
                    if key not in self.always_trust:
                        trust = False
+            if not trust:
+                # check that we'll be able to encrypt
+                result = super(GnuPG, self).list_keys(recipients,
+                    keys=recipients)
+                for key in result:
+                    if key['trust'] not in ('f', 'u'):
+                        return '', 'NOT_TRUSTED'
            result = super(GnuPG, self).encrypt(str_, recipients,
                always_trust=trust, passphrase=self.passphrase)

-            if result.status == 'invalid recipient':
-                return '', 'NOT_TRUSTED'
-
            if result.ok:
                error = ''
            else: