1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Don't take the a TOFU trust model from the trustdb,

* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,

GnuPG-bug-id: 4134
This commit is contained in:
Werner Koch 2018-10-10 11:46:16 +02:00
parent b6275f3bda
commit 150a33df41
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 27 additions and 5 deletions

View File

@ -1724,7 +1724,8 @@ Set what trust model GnuPG should follow. The models are:
@opindex trust-model:auto @opindex trust-model:auto
Select the trust model depending on whatever the internal trust Select the trust model depending on whatever the internal trust
database says. This is the default model if such a database already database says. This is the default model if such a database already
exists. exists. Note that a tofu trust model is not considered here and
must be enabled explicitly.
@end table @end table
@item --auto-key-locate @var{mechanisms} @item --auto-key-locate @var{mechanisms}

View File

@ -562,6 +562,12 @@ tdbio_update_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
int opt_tm;
/* Never store a TOFU trust model in the trustdb. Use PGP instead. */
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
@ -572,7 +578,7 @@ tdbio_update_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed; rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt_tm;
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
rc = tdbio_write_record (ctrl, &rec); rc = tdbio_write_record (ctrl, &rec);
} }
@ -591,6 +597,12 @@ create_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
int opt_tm;
/* Never store a TOFU trust model in the trustdb. Use PGP instead. */
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.r.ver.version = 3; rec.r.ver.version = 3;
@ -598,8 +610,8 @@ create_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed; rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC) if (opt_tm == TM_PGP || opt_tm == TM_CLASSIC)
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt_tm;
else else
rec.r.ver.trust_model = TM_PGP; rec.r.ver.trust_model = TM_PGP;
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
@ -883,16 +895,25 @@ tdbio_db_matches_options()
{ {
TRUSTREC vr; TRUSTREC vr;
int rc; int rc;
int opt_tm, tm;
rc = tdbio_read_record (0, &vr, RECTYPE_VER); rc = tdbio_read_record (0, &vr, RECTYPE_VER);
if( rc ) if( rc )
log_fatal( _("%s: error reading version record: %s\n"), log_fatal( _("%s: error reading version record: %s\n"),
db_name, gpg_strerror (rc) ); db_name, gpg_strerror (rc) );
/* Consider tofu and pgp the same. */
tm = vr.r.ver.trust_model;
if (tm == TM_TOFU || tm == TM_TOFU_PGP)
tm = TM_PGP;
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
yes_no = vr.r.ver.marginals == opt.marginals_needed yes_no = vr.r.ver.marginals == opt.marginals_needed
&& vr.r.ver.completes == opt.completes_needed && vr.r.ver.completes == opt.completes_needed
&& vr.r.ver.cert_depth == opt.max_cert_depth && vr.r.ver.cert_depth == opt.max_cert_depth
&& vr.r.ver.trust_model == opt.trust_model && tm == opt_tm
&& vr.r.ver.min_cert_level == opt.min_cert_level; && vr.r.ver.min_cert_level == opt.min_cert_level;
} }