* gpgv.c: Remove extra semicolon (typo).

* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better.

* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.

* keyring.c (keyring_rebuild_cache): Comment.

* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.

1 files changed, 71 insertions, 55 deletions

diff --git a/g10/import.c b/g10/import.c
index ac4ab7291..8d94c3967 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -592,7 +592,8 @@ import_one( const char *fname, KBNODE keyblock,
 
     clear_kbnode_flags( keyblock );
 
-    if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock))
+    if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
+       && opt.verbose)
       log_info(_("key %08lX: PKS subkey corruption repaired\n"),
 	       (ulong)keyid[1]);
 
@@ -614,11 +615,9 @@ import_one( const char *fname, KBNODE keyblock,
 	  }
 
     if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
-	if( !opt.quiet ) {
-	    log_info( _("key %08lX: no valid user IDs\n"),
-							(ulong)keyid[1]);
-	    log_info(_("this may be caused by a missing self-signature\n"));
-	}
+        log_error( _("key %08lX: no valid user IDs\n"), (ulong)keyid[1]);
+	if( !opt.quiet )
+	  log_info(_("this may be caused by a missing self-signature\n"));
 	stats->no_user_id++;
 	return 0;
     }
@@ -980,8 +979,8 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
     pk = m_alloc_clear( sizeof *pk );
     rc = get_pubkey( pk, keyid );
     if( rc == G10ERR_NO_PUBKEY ) {
-	log_info( _("key %08lX: no public key - "
-		 "can't apply revocation certificate\n"), (ulong)keyid[1]);
+	log_error( _("key %08lX: no public key - "
+		     "can't apply revocation certificate\n"), (ulong)keyid[1]);
 	rc = 0;
 	goto leave;
     }
@@ -1126,15 +1125,18 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 		  rc = check_key_signature( keyblock, n, NULL);
 		  if( rc )
 		    {
-		      char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
+		      if( opt.verbose )
+			{
+			  char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
 				      strlen(unode->pkt->pkt.user_id->name),0);
-		      log_info( rc == G10ERR_PUBKEY_ALGO ?
-				_("key %08lX: unsupported public key "
-				  "algorithm on user id \"%s\"\n"):
-				_("key %08lX: invalid self-signature "
-				  "on user id \"%s\"\n"),
-				(ulong)keyid[1],p);
-		      m_free(p);
+			  log_info( rc == G10ERR_PUBKEY_ALGO ?
+				    _("key %08lX: unsupported public key "
+				      "algorithm on user id \"%s\"\n"):
+				    _("key %08lX: invalid self-signature "
+				      "on user id \"%s\"\n"),
+				    (ulong)keyid[1],p);
+			  m_free(p);
+			}
 		    }
 		  else
 		    unode->flag |= 1; /* mark that signature checked */
@@ -1146,17 +1148,19 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 		 revocation targets, this may need to be revised. */
 
 		if( !knode ) {
-		    log_info( _("key %08lX: no subkey for subkey "
-				"binding signature\n"),(ulong)keyid[1]);
+		    if(opt.verbose)
+		      log_info( _("key %08lX: no subkey for key binding\n"),
+				(ulong)keyid[1]);
 		    n->flag |= 4; /* delete this */
 		}
 		else {
 		  rc = check_key_signature( keyblock, n, NULL);
 		  if( rc ) {
-		    log_info(  rc == G10ERR_PUBKEY_ALGO ?
+		    if(opt.verbose)
+		      log_info(rc == G10ERR_PUBKEY_ALGO ?
 			    _("key %08lX: unsupported public key algorithm\n"):
-		            _("key %08lX: invalid subkey binding\n"),
-		            (ulong)keyid[1]);
+			    _("key %08lX: invalid subkey binding\n"),
+			    (ulong)keyid[1]);
 		    n->flag|=4;
 		  }
 		  else {
@@ -1167,8 +1171,9 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 			bsnode->flag|=4; /* Delete the last binding
 					    sig since this one is
 					    newer */
-			log_info(_("key %08lX: removed multiple subkey "
-				   "binding\n"),(ulong)keyid[1]);
+			if(opt.verbose)
+			  log_info(_("key %08lX: removed multiple subkey "
+				     "binding\n"),(ulong)keyid[1]);
 		      }
 
 		      bsnode=n;
@@ -1187,18 +1192,21 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
                  See the comment in getkey.c:merge_selfsigs_subkey for
                  more */
 		if( !knode ) {
-		    log_info( _("key %08lX: no subkey for subkey "
-				"revocation signature\n"),(ulong)keyid[1]);
+		    if(opt.verbose)
+		      log_info( _("key %08lX: no subkey for key revocation\n"),
+				(ulong)keyid[1]);
 		    n->flag |= 4; /* delete this */
 		}
 		else {
 		  rc = check_key_signature( keyblock, n, NULL);
 		  if( rc ) {
-		    log_info(  rc == G10ERR_PUBKEY_ALGO ?
+		      if(opt.verbose)
+			log_info(rc == G10ERR_PUBKEY_ALGO ?
 			    _("key %08lX: unsupported public key algorithm\n"):
-		            _("key %08lX: invalid subkey revocation\n"),
-			       (ulong)keyid[1]);
-		    n->flag|=4;
+			    _("key %08lX: invalid subkey revocation\n"),
+			    (ulong)keyid[1]);
+
+		      n->flag|=4;
 		  }
 		  else {
 		    /* It's valid, so is it newer? */
@@ -1207,8 +1215,9 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 			rsnode->flag|=4; /* Delete the last revocation
 					    sig since this one is
 					    newer */
-			log_info(_("key %08lX: removed multiple subkey "
-				   "revocation signatures\n"),(ulong)keyid[1]);
+			if(opt.verbose)
+			  log_info(_("key %08lX: removed multiple subkey "
+				     "revocation\n"),(ulong)keyid[1]);
 		      }
 
 		      rsnode=n;
@@ -1295,18 +1304,18 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
 	     * to import non-exportable signature when we have the
 	     * the secret key used to create this signature - it
 	     * seems that this makes sense */
-	    log_info( _("key %08lX: non exportable signature "
-				    "(class %02x) - skipped\n"),
-				    (ulong)keyid[1],
-				     node->pkt->pkt.signature->sig_class );
+	    if(opt.verbose)
+	      log_info( _("key %08lX: non exportable signature "
+			  "(class %02x) - skipped\n"),
+			(ulong)keyid[1], node->pkt->pkt.signature->sig_class );
 	    delete_kbnode( node );
 	}
 	else if( node->pkt->pkttype == PKT_SIGNATURE
 		 && node->pkt->pkt.signature->sig_class == 0x20 )  {
 	    if( uid_seen ) {
-		log_error( _("key %08lX: revocation certificate "
-				     "at wrong place - skipped\n"),
-				    (ulong)keyid[1]);
+	        if(opt.verbose)
+		  log_info( _("key %08lX: revocation certificate "
+			      "at wrong place - skipped\n"), (ulong)keyid[1]);
 		delete_kbnode( node );
 	    }
 	    else {
@@ -1321,9 +1330,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
 		  int rc = check_key_signature( keyblock, node, NULL);
 		  if( rc )
 		    {
-		      log_error( _("key %08lX: invalid revocation "
-				   "certificate: %s - skipped\n"),
-				 (ulong)keyid[1], g10_errstr(rc));
+		      if(opt.verbose)
+			log_info( _("key %08lX: invalid revocation "
+				    "certificate: %s - skipped\n"),
+				  (ulong)keyid[1], g10_errstr(rc));
 		      delete_kbnode( node );
 		    }
 		}
@@ -1333,17 +1343,18 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
 		 (node->pkt->pkt.signature->sig_class == 0x18 ||
 		  node->pkt->pkt.signature->sig_class == 0x28) &&
 		 !subkey_seen ) {
-	    log_error( _("key %08lX: subkey signature "
-			 "in wrong place - skipped\n"),
-		       (ulong)keyid[1]);
+	    if(opt.verbose)
+	      log_info( _("key %08lX: subkey signature "
+			  "in wrong place - skipped\n"), (ulong)keyid[1]);
 	    delete_kbnode( node );
 	}
 	else if( node->pkt->pkttype == PKT_SIGNATURE
 		 && !IS_CERT(node->pkt->pkt.signature))
 	  {
-	    log_error(_("key %08lX: unexpected signature class (0x%02X) -"
-			" skipped\n"),(ulong)keyid[1],
-		      node->pkt->pkt.signature->sig_class);
+	    if(opt.verbose)
+	      log_info(_("key %08lX: unexpected signature class (0x%02X) -"
+			 " skipped\n"),(ulong)keyid[1],
+		       node->pkt->pkt.signature->sig_class);
 	    delete_kbnode(node);
 	  }
 	else if( (node->flag & 4) ) /* marked for deletion */
@@ -1439,8 +1450,9 @@ collapse_uids( KBNODE *keyblock )
 	kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
     else
 	kid1 = 0;
-    log_info(_("key %08lX: duplicated user ID detected - merged\n"),
-								 (ulong)kid1);
+    if(!opt.quiet)
+      log_info(_("key %08lX: duplicated user ID detected - merged\n"),
+	       (ulong)kid1);
 
     return 1;
 }
@@ -1563,14 +1575,17 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
 		  }
 	    }
 	    if( !found ) {
-	        char *p=get_user_id_printable (keyid);
 		KBNODE n2 = clone_kbnode(node);
 		insert_kbnode( keyblock_orig, n2, 0 );
 		n2->flag |= 1;
                 ++*n_sigs;
-		log_info(_("key %08lX: \"%s\" revocation certificate added\n"),
-					 (ulong)keyid[1],p);
-		m_free(p);
+		if(!opt.quiet)
+		  {
+		    char *p=get_user_id_printable (keyid);
+		    log_info(_("key %08lX: \"%s\" revocation "
+			       "certificate added\n"), (ulong)keyid[1],p);
+		    m_free(p);
+		  }
 	    }
 	}
     }
@@ -1599,8 +1614,9 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
 		insert_kbnode( keyblock_orig, n2, 0 );
 		n2->flag |= 1;
                 ++*n_sigs;
-		log_info( _("key %08lX: direct key signature added\n"),
-					 (ulong)keyid[1]);
+		if(!opt.quiet)
+		  log_info( _("key %08lX: direct key signature added\n"),
+			    (ulong)keyid[1]);
 	    }
 	}
     }