diff --git a/NEWS b/NEWS index 91d38779f..c3a51f14e 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,9 @@ Noteworthy changes in version 2.5.6 (unreleased) * gpg: Fix double free of internal data. [T7547] + * gpg: New list option "show-trustsig" to avoid resorting to colon + mode for this info. + * gpgsm: Extend --learn-card by an optional s/n argument. [T7379] * gpgsm: Skip expired certificates when selection a certificate by diff --git a/doc/gpg.texi b/doc/gpg.texi index 546dbf080..deaea6a91 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1390,6 +1390,15 @@ give the opposite meaning. The options are: Show the ownertrust value for keys also in the standard key listing. Defaults to no. + @item show-trustsig + @opindex list-options:show-trustsig + Show information about trust signatures also in a non-colon mode. + The information is printed in brackets after the signer's user ID in + the format T=@var{dept},@var{value}[,[R]"@var{string}"]. + With the "R" prefix @var{string} gives the raw regular expression + escaped in C-style; without the prefix the domain name is printed + verbatim. Defaults to no. + @item show-policy-urls @opindex list-options:show-policy-urls Show policy URLs in the @option{--check-signatures} diff --git a/g10/gpg.c b/g10/gpg.c index db898c41d..d6c2372d8 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2129,6 +2129,8 @@ parse_list_options(char *str) N_("show preferences")}, {"show-ownertrust", LIST_SHOW_OWNERTRUST, NULL, N_("show ownertrust")}, + {"show-trustsig", LIST_SHOW_TRUSTSIG, NULL, + N_("show trust signature information")}, {"show-only-fpr-mbox",LIST_SHOW_ONLY_FPR_MBOX, NULL, NULL}, {"sort-sigs", LIST_SORT_SIGS, NULL, diff --git a/g10/keylist.c b/g10/keylist.c index 499bdf91f..fc0e161ea 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1291,6 +1291,37 @@ cmp_signodes (const void *av, const void *bv)
 }
+/* Given a domain name at NAME with length NAME, check whether this is
+ * a valid domain name and in that case return a malloced string ith
+ * the name. Escaped dots are ignored and removed from the result.
+ * Example: "example\.org" -> "example.org" Note that the input may
+ * not be Nul terminated. */
+static char *
+parse_trust_name (const char *name, size_t namelen)
+{
+ char *buffer, *p;
+
+ p = buffer = xtrymalloc (namelen+1);
+ if (!buffer)
+ return NULL; /* Oops - caller needs to use some fallback */
+
+ for (; namelen; name++, namelen--)
+ {
+ if (*name == '\\' && namelen > 1 && name[1] == '.')
+ ; /* Skip the escape character. */
+ else
+ *p++ = *name;
+ }
+ *p = 0;
+ if (!is_valid_domain_name (buffer))
+ {
+ xfree (buffer);
+ buffer = NULL;
+ }
+ return buffer;
+}
+
+
 /* Helper for list_keyblock_print. The caller must have set
 * NODFLG_MARK_B to indicate self-signatures. */
 static void
@@ -1403,6 +1434,31 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
 print_utf8_buffer (es_stdout, p, n);
 xfree (p);
 }
+ if ((opt.list_options & LIST_SHOW_TRUSTSIG)
+ && (sig->trust_depth || sig->trust_value || sig->trust_regexp))
+ {
+ es_fprintf (es_stdout, " [T=%d,%d", sig->trust_depth, sig->trust_value);
+ if (sig->trust_regexp)
+ {
+ size_t n = strlen (sig->trust_regexp);
+ char *tname = NULL;
+
+ if (!strncmp (sig->trust_regexp, "<[^>]+[@.]", 10)
+ && n > 12 && !strcmp (sig->trust_regexp+n-2, ">$")
+ && (tname=parse_trust_name (sig->trust_regexp+10, n-12)))
+ {
+ es_fprintf (es_stdout, ",\"%s", tname);
+ xfree (tname);
+ }
+ else
+ {
+ es_fputs (",R\"", es_stdout);
+ es_write_sanitized (es_stdout, sig->trust_regexp, n, "\"", NULL);
+ }
+ es_putc ('\"', es_stdout);
+ }
+ es_putc (']', es_stdout);
+ }
 es_putc ('\n', es_stdout);
 if (sig->flags.policy_url
diff --git a/g10/options.h b/g10/options.h
index 89f04526f..c877404a7 100644
--- a/g10/options.h
+++ b/g10/options.h
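Review bot: The header comment of `parse_trust_name` says "with length NAME" where it means NAMELEN, has "ith" for "with", and leaves the return contract unstated. NULL is returned both when `xtrymalloc` fails and when `is_valid_domain_name` rejects the unescaped name, so a caller cannot tell the two apart; the one caller in this commit falls back to the raw regexp in either case, but the comment should say so and also that the result is released with `xfree`. Only the sequence `\.` is unescaped; any other backslash is copied through, presumably so that `is_valid_domain_name` (defined outside this diff) rejects the name, and that is worth one sentence in the comment too.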
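Review bot: The domain-name branch prints `tname` with a bare `%s` while the fallback branch goes through `es_write_sanitized`, so the integrity of the quoted `T=...,"string"` output rests entirely on `is_valid_domain_name` (not in this diff) rejecting quotes, control characters and non-ASCII bytes. `sig->trust_regexp` is presumably taken from the signature being listed and so not under the user's control; I would either record the dependency in a comment, `/* TNAME passed is_valid_domain_name and thus needs no sanitizing. */`, or write it like the other branch with `es_write_sanitized (es_stdout, tname, strlen (tname), "\"", NULL);`. The literals 10 and 12 are the length of `"<[^>]+[@.]"` and of that prefix plus `">$"`; a short comment or named constants would keep them tied to the strings. `list_signature_print` starts and ends outside the hunk.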
@@ -463,6 +463,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define LIST_SHOW_X509_NOTATIONS (1<<17)
 #define LIST_STORE_X509_NOTATIONS (1<<18)
 #define LIST_SHOW_OWNERTRUST (1<<19)
+#define LIST_SHOW_TRUSTSIG (1<<20)
 #define VERIFY_SHOW_PHOTOS (1<<0)
 #define VERIFY_SHOW_POLICY_URLS (1<<1)