From 9c6752f1502314daf51aef4b834196ff00cc756c Mon Sep 17 00:00:00 2001
From: Yann Leboulanger
Date: Wed, 29 Jul 2015 22:32:02 +0200
Subject: [PATCH] correctly detect that key is not trusted before encrypting. Doc says: "gpg just prints a message to the console, but does not provide a specific error indication that the Python wrapper can use." Fixes #8040. See #8041
---
 src/common/gnupg.py | 5 ++++-
 src/common/gpg.py | 10 +++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/common/gnupg.py b/src/common/gnupg.py
index 4fb40e0a1..79cbce3fc 100644
--- a/src/common/gnupg.py
+++ b/src/common/gnupg.py
@@ -1094,7 +1094,7 @@ class GPG(object):
 getattr(result, keyword)(L)
 return result
- def list_keys(self, secret=False):
+ def list_keys(self, secret=False, keys=None):
 """ list the keys currently in the keyring
 >>> import shutil
@@ -1116,6 +1116,9 @@ class GPG(object):
 which='secret-keys'
 args = ["--list-%s" % which, "--fixed-list-mode", "--fingerprint", "--with-colons"]
+ if keys:
+ for key in keys:
+ args.append(key)
 p = self._open_subprocess(args)
 return self._get_list_output(p, 'list')
diff --git a/src/common/gpg.py b/src/common/gpg.py
index 3e07c873a..12ce02a9f 100644
--- a/src/common/gpg.py
+++ b/src/common/gpg.py
@@ -54,12 +54,16 @@ if HAVE_GPG:
 for key in recipients:
 if key not in self.always_trust:
 trust = False
+ if not trust:
+ # check that we'll be able to encrypt
+ result = super(GnuPG, self).list_keys(recipients,
+ keys=recipients)
+ for key in result:
+ if key['trust'] not in ('f', 'u'):
+ return '', 'NOT_TRUSTED'
 result = super(GnuPG, self).encrypt(str_, recipients, always_trust=trust, passphrase=self.passphrase)
- if result.status == 'invalid recipient':
- return '', 'NOT_TRUSTED'
-
 if result.ok:
 error = ''
 else:
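Review bot: In the second hunk of src/common/gnupg.py, each entry of `keys` is appended to the gpg argument list unchecked, so a value that begins with `-` would reach gpg looking like an option rather than a key identifier. If callers only ever pass key IDs or fingerprints, rejecting anything else before `args.append(key)` keeps the listing restricted to what was asked for; how `_open_subprocess` turns `args` into a command is outside the hunk. The docstring is not updated for the new parameter, and a line such as `keys: optional list of key IDs to restrict the listing to` would cover it. The loop can also be written as `args.extend(keys)`.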
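Review bot: In the added pre-check in src/common/gpg.py, `list_keys(recipients, keys=recipients)` passes `recipients` as the first positional parameter, which is `secret` in the new signature `list_keys(self, secret=False, keys=None)`. A non-empty list is truthy, so this presumably selects the `'secret-keys'` listing instead of the public keyring. For a recipient whose secret key is not held locally the result would then be empty and the trust loop would never run; since this hunk also removes the `'invalid recipient'` check, an untrusted key would no longer be reported as `NOT_TRUSTED`. The call should be `super(GnuPG, self).list_keys(keys=recipients)`, and a recipient missing from the result is better treated as untrusted, because the loop only inspects keys that gpg returned. The enclosing function starts and ends outside the hunk.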