Merge revoked TPKs, but don't trigger verifications.

database/src/fs.rs

@@ -530,6 +530,13 @@ mod tests {
         test::test_kid_lookup(&mut db);
     }
 
+    #[test]
+    fn upload_revoked_tpk() {
+        let tmpdir = TempDir::new().unwrap();
+        let mut db = Filesystem::new(tmpdir.path()).unwrap();
+        test::test_upload_revoked_tpk(&mut db);
+    }
+
     #[test]
     fn uid_revocation() {
         let tmpdir = TempDir::new().unwrap();

database/src/lib.rs

@@ -328,6 +328,12 @@ pub trait Database: Sync + Send {
         use std::collections::HashMap;
         use openpgp::RevocationStatus;
 
+        if let RevocationStatus::Revoked(_) = tpk.revoked(None) {
+            // Merge, but don't trigger any verifications.
+            self.merge(tpk)?;
+            return Ok(Vec::new());
+        }
+
         let fpr = Fingerprint::try_from(tpk.primary().fingerprint())?;
         let mut all_uids = Vec::default();
         let mut unverified_uids: HashMap<Email, Verify> = HashMap::new();

database/src/test.rs

@@ -487,6 +487,25 @@ pub fn test_kid_lookup<D: Database>(db: &mut D) {
     assert_eq!(raw1, raw3);
 }
 
+pub fn test_upload_revoked_tpk<D: Database>(db: &mut D) {
+    let str_uid1 = "Test A <test_a@example.com>";
+    let str_uid2 = "Test B <test_b@example.com>";
+    let (mut tpk, revocation) = TPKBuilder::default()
+        .add_userid(str_uid1)
+        .add_userid(str_uid2)
+        .generate()
+        .unwrap();
+    tpk = tpk.merge_packets(vec![revocation.into()]).unwrap();
+    match tpk.revoked(None) {
+        RevocationStatus::Revoked(_) => (),
+        _ => panic!("expected TPK to be revoked"),
+    }
+
+    // upload key
+    let tokens = db.merge_or_publish(tpk.clone()).unwrap();
+    assert!(tokens.is_empty());
+}
+
 pub fn test_uid_revocation<D: Database>(db: &mut D) {
     use std::{thread, time};