authorWerner Koch <[email protected]>2014-11-12 08:56:40 +0000
committerWerner Koch <[email protected]>2014-11-12 09:27:50 +0000
commit42d2474a02aa46e6fecf0e35c067aa0b6481ffbe (patch)
treed4a0a475fb95763bfe1e3a6ab4b6e9feb6b2becd
parentdoc: Minor fix (diff)
gpg: Add import option "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New. * g10/import.c (parse_import_options): Add "keep-ownertrust". (import_one): Act upon new option. -- This option is in particular useful to convert from a pubring.gpg to the new pubring.kbx in GnuPG 2.1 or vice versa: gpg1 --export | gpg2 --import-options keep-ownertrust --import (cherry-picked from commit da95d0d37841b34e2f3d7047f14ab4d98a7c0c56)
-rw-r--r--doc/gpg.texi9
-rw-r--r--g10/import.c15
-rw-r--r--g10/options.h1
3 files changed, 23 insertions, 2 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b1a27fba6..728f31426 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1885,6 +1885,15 @@ opposite meaning. The options are:
generally useful unless a shared keyring scheme is being used.
Defaults to no.
+ @item import-keep-ownertrust
+ Normally possible still existing ownertrust values of a key are
+ cleared if a key is imported. This is in general desirable so that
+ a formerly deleted key does not automatically gain an ownertrust
+ values merely due to import. On the other hand it is sometimes
+ necessary to re-import a trusted set of keys again but keeping
+ already assigned ownertrust values. This can be achived by using
+ this option.
+
@item repair-pks-subkey-bug
During import, attempt to repair the damage caused by the PKS keyserver
bug (pre version 0.9.6) that mangles keys with multiple subkeys. Note
diff --git a/g10/import.c b/g10/import.c
index 2baa29806..c9df368c1 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -95,18 +95,28 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{
{"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
N_("import signatures that are marked as local-only")},
+
{"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
N_("repair damage from the pks keyserver during import")},
+
+ {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
+ N_("do not clear the ownertrust values during import")},
+
{"fast-import",IMPORT_FAST,NULL,
N_("do not update the trustdb after import")},
+
{"convert-sk-to-pk",IMPORT_SK2PK,NULL,
N_("create a public key when importing a secret key")},
+
{"merge-only",IMPORT_MERGE_ONLY,NULL,
N_("only accept updates to existing keys")},
+
{"import-clean",IMPORT_CLEAN,NULL,
N_("remove unusable parts from key after import")},
+
{"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
N_("remove as much as possible from key after import")},
+
/* Aliases for backward compatibility */
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
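Review bot: The new table entry registers the option as `keep-ownertrust`, but the doc/gpg.texi hunk of this same commit documents it as `@item import-keep-ownertrust`. One of the two should change; since the commit message uses `--import-options keep-ownertrust`, the documentation is probably the side to fix. Separately, `parse_import_options` writes into a caller-supplied `*options`, so the flag can presumably be set in an option word other than `opt.import_options`, while the `import_one` hunk tests only that global. If that limit is intended, a comment on the entry such as `/* Only honoured when given via --import-options. */` would make it visible. The option table starts and ends outside the hunk.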
@@ -881,12 +891,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
if (rc)
log_error (_("error writing keyring `%s': %s\n"),
keydb_get_resource_name (hd), g10_errstr(rc));
- else
+ else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
{
/* This should not be possible since we delete the
ownertrust when a key is deleted, but it can happen if
the keyring and trustdb are out of sync. It can also
- be made to happen with the trusted-key command. */
+ be made to happen with the trusted-key command and by
+ importing and locally exported key. */
clear_ownertrusts (pk);
if(non_self)
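Review bot: Changing the `else` to `else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))` guards the whole braced block, so the `if(non_self)` statement at the end of the hunk is skipped together with `clear_ownertrusts (pk)` whenever the option is set. Its body lies outside the hunk, but if it schedules a trustdb revalidation for the newly inserted key, that step matters more, not less, when an old ownertrust value is deliberately kept. Keeping the plain `else` and narrowing the test to the one call, `if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST)) clear_ownertrusts (pk);`, would limit the option to what its help text promises. The extended comment should read `importing a locally exported key`.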
diff --git a/g10/options.h b/g10/options.h
index 670cf64c2..dad598050 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -299,6 +299,7 @@ struct {
#define IMPORT_MINIMAL (1<<5)
#define IMPORT_CLEAN (1<<6)
#define IMPORT_NO_SECKEY (1<<7)
+#define IMPORT_KEEP_OWNERTTRUST (1<<8)
#define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1)
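Review bot: The new macro is spelled `IMPORT_KEEP_OWNERTTRUST`, with a doubled T. The option table and `import_one` in g10/import.c use the same spelling, so it builds, but a search for `OWNERTRUST` will miss all three uses. Renaming it to `IMPORT_KEEP_OWNERTRUST` in the same commit is cheap. Because the flag switches off a cleanup that the default import path relies on, a one-line comment on the define such as `/* Do not clear ownertrust values of an imported key. */` would also help.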