sm: Move qualified.txt from datadir into sysconfdir

* doc/Makefile.am: Move qualified.txt into examples. * doc/qualified.txt: Move into examples, remove trailing spaces. * doc/examples/README: Document qualified.txt. * doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir. * sm/qualified.c (read_list): Move qualified.txt from datadir into sysconfdir. -- The qualified.txt is maintained by Administrator it is a configuration file. In the past it was a hybrid, provided by package and controlled by the Administrator, however, it is no longer maintained by package. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2017-09-01 22:19:26 +03:00 · 2017-09-01 22:19:26 +03:00 · 384a3748d9
parent 926d07c5fa
commit 384a3748d9
5 changed files with 14 additions and 18 deletions
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -22,7 +22,7 @@ AM_CPPFLAGS =
 include $(top_srcdir)/am/cmacros.am

 examples = examples/README examples/scd-event examples/trustlist.txt	\
-	   examples/vsnfd.prf examples/debug.prf                        \
+	   examples/vsnfd.prf examples/debug.prf examples/qualified.txt \
 	   examples/systemd-user/README 				\
 	   examples/systemd-user/dirmngr.service 			\
 	   examples/systemd-user/dirmngr.socket				\
@ -43,7 +43,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt		\

 profiles =

-EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
 	     gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
 	     gnupg-module-overview.png gnupg-module-overview.pdf \
             gnupg-card-architecture.png gnupg-card-architecture.pdf \
--- a/doc/examples/README
+++ b/doc/examples/README
@ -9,3 +9,5 @@ trustlist.txt   A list of trustworthy root certificates
 gpgconf.conf    A sample configuration file for gpgconf.

 systemd-user    Sample files for a Linux-only init system.
+
+qualified.txt   Sample file for qualified.txt.
--- a/doc/examples/qualified.txt
+++ b/doc/examples/qualified.txt
@ -29,7 +29,7 @@
 #
 #                 Germany
 #
-# The information for Germany is available 
+# The information for Germany is available
 # at http://www.bundesnetzagentur.de
 #*******************************************

@ -74,7 +74,7 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B  de
 #Serial number: 02
 #       Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
 #               Telekommunikation und Post/C=DE
-#      Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für 
+#      Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
 #               Telekommunikation und Post/C=DE
 #     validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
 #     key type: 1024 bit RSA
@ -118,7 +118,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 #    key usage: certSign
 #     policies: 1.3.36.8.1.1:N:
 # chain length: unlimited
-# [checked: 2008-06-25] 
+# [checked: 2008-06-25]
 44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0  de

 #           ID: 0x46A2CC8A
@ -130,7 +130,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 #    key usage: certSign
 #     policies: 1.3.36.8.1.1:N:
 # chain length: unlimited
-# [checked: 2008-06-25] 
+# [checked: 2008-06-25]
 AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A  de


@ -215,7 +215,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C  de
 #     key type: 2048 bit RSA
 #    key usage: certSign crlSign
 # chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
 #         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
 #         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
 C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA  de
@ -230,7 +230,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA  de
 #     key type: 2048 bit RSA
 #    key usage: certSign crlSign
 # chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from 
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
 #         /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
 #         /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
 D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B  de
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -843,15 +843,9 @@ purposes.

 Note that even if a certificate is listed in this file, this does not
 mean that the certificate is trusted; in general the certificates listed
-in this file need to be listed also in @file{trustlist.txt}.
-
-This is a global file an installed in the data directory
-(e.g. @file{@value{DATADIR}/qualified.txt}).  GnuPG installs a suitable
-file with root certificates as used in Germany.  As new Root-CA
-certificates may be issued over time, these entries may need to be
-updated; new distributions of this software should come with an updated
-list but it is still the responsibility of the Administrator to check
-that this list is correct.
+in this file need to be listed also in @file{trustlist.txt}. This is a global
+file an installed in the sysconf directory (e.g.
+@file{@value{SYSCONFDIR}/qualified.txt}).

 Every time @command{gpgsm} uses a certificate for signing or verification
 this file will be consulted to check whether the certificate under
--- a/sm/qualified.c
+++ b/sm/qualified.c
@ -58,7 +58,7 @@ read_list (char *key, char *country, int *lnr)

  if (!listname)
    {
-      listname = make_filename (gnupg_datadir (), "qualified.txt", NULL);
+      listname = make_filename (gnupg_sysconfdir (), "qualified.txt", NULL);
      listfp = fopen (listname, "r");
      if (!listfp && errno != ENOENT)
        {