[PATCH] Handle non-critical SIG_SUBPACKET per RFC4880

To: debian-dak@lists.debian.org
Cc: "Jeremy T. Bouse" <jbouse@debian.org>
Subject: [PATCH] Handle non-critical SIG_SUBPACKET per RFC4880
From: "Jeremy T. Bouse" <jbouse@debian.org>
Date: Tue, 20 Apr 2010 23:31:47 -0400
Message-id: <[🔎] 1271820707-28295-1-git-send-email-jbouse@debian.org>

Section 5.2.3.1 states that there can be 0 or more signature subpackets.
The RFC states that any implementation SHOULD ignore any subpacket it
doesn't recognize; however those marked as critical on Bit 7 should be
treated as an error rather than ignored. It further states that an
evaluator may 'recognize' but not implement a subpacket type. As DAK
doesn't actually implement and only needs to recognize this patch only
adds critical SIG_SUBPACKET keywords that will generate an error as
SIG_SUBPACKET is not listed in known_keywords when ran through the
check_signature() function.
---
 daklib/utils.py |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/daklib/utils.py b/daklib/utils.py
index 0896d57..fb6b8b0 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -1205,6 +1205,8 @@ def process_gpgv_output(status):
         if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]:
             internal_error += "found duplicate status token ('%s').\n" % (keyword)
             continue
+        if keyword in [ "SIG_SUBPACKET" ] and args[1] != 2:
+            continue
         else:
             keywords[keyword] = args
 
-- 
1.6.3.3

Reply to:

Follow-Ups:
- Re: [PATCH] Handle non-critical SIG_SUBPACKET per RFC4880
  - From: "Jeremy T. Bouse" <jbouse@debian.org>

Prev by Date: Re: [PATCH] Add SIG_SUBPACKET as a known_keyword.
Next by Date: Re: [PATCH] Handle non-critical SIG_SUBPACKET per RFC4880
Previous by thread: Re: [PATCH] Add SIG_SUBPACKET as a known_keyword.
Next by thread: Re: [PATCH] Handle non-critical SIG_SUBPACKET per RFC4880
Index(es):
- Date
- Thread