From b509d81cab030cca6abf0d878e1fc884eda344e6 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 28 Sep 2017 14:10:12 +0200
Subject: gpg: Workaround for junk after --trusted-key.

* g10/trust.c (register_trusted_key): Cut off everthing starting as a
hash sign.
--

This problem is fallout from
commit f99830b72812395da5451152bdd2f2d90a7cb7fb
which fixes
GnuPG-bug-id: 1206

The same could happen with other options taking keyids but we won't
change that because a trailing '#' does not indicate a comment.  So
this is really only a workaround and eventually we will
deprecate --trusted-key anyway or require a fingerprint as a value.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/trust.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/g10/trust.c b/g10/trust.c
index ee6078b5a..6d4f0e74b 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -66,6 +66,26 @@ register_trusted_key (const char *string)
 #ifdef NO_TRUST_MODELS
   (void)string;
 #else
+
+  /* Some users have conf files with entries like
+   *   trusted-key 0x1234567812345678    # foo
+   * That is obviously wrong.  Before fixing bug#1206 trailing garbage
+   * on a key specification if was ignored.  We detect the above use case
+   * here and  cut off the junk-looking-like-a comment.  */
+  if (strchr (string, '#'))
+    {
+      char *buf;
+
+      buf = xtrystrdup (string);
+      if (buf)
+        {
+          *strchr (buf, '#') = 0;
+          tdb_register_trusted_key (buf);
+          xfree (buf);
+          return;
+        }
+    }
+
   tdb_register_trusted_key (string);
 #endif
 }
-- 
cgit v1.2.3