gpg: New list options "show-trustsig"

* g10/options.h (LIST_SHOW_TRUSTSIG): New. * g10/gpg.c (parse_list_options): Add "show-trustsig". * g10/keylist.c (parse_trust_name): New. (list_signature_print): Print trust signature info.
2025-05-14 08:13:25 +02:00 · 2025-04-29 11:33:41 +02:00 · 2025-04-29 11:33:41 +02:00 · 41d6ae8f41
commit 41d6ae8f41
parent cfe7ad203a
5 changed files with 71 additions and 0 deletions
--- a/3
+++ b/3
@ -6,6 +6,9 @@ Noteworthy changes in version 2.5.6 (unreleased)

  * gpg: Fix double free of internal data.  [T7547]

+  * gpg: New list option "show-trustsig" to avoid resorting to colon
+    mode for this info.
+
  * gpgsm: Extend --learn-card by an optional s/n argument.  [T7379]

  * gpgsm: Skip expired certificates when selection a certificate by
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1390,6 +1390,15 @@ give the opposite meaning.  The options are:
  Show the ownertrust value for keys also in the standard key
  listing.  Defaults to no.

+  @item show-trustsig
+  @opindex list-options:show-trustsig
+  Show information about trust signatures also in a non-colon mode.
+  The information is printed in brackets after the signer's user ID in
+  the format T=@var{dept},@var{value}[,[R]"@var{string}"].
+  With the "R" prefix @var{string} gives the raw regular expression
+  escaped in C-style; without the prefix the domain name is printed
+  verbatim.  Defaults to no.
+
  @item show-policy-urls
  @opindex list-options:show-policy-urls
  Show policy URLs in the  @option{--check-signatures}
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2129,6 +2129,8 @@ parse_list_options(char *str)
       N_("show preferences")},
      {"show-ownertrust", LIST_SHOW_OWNERTRUST, NULL,
       N_("show ownertrust")},
+      {"show-trustsig", LIST_SHOW_TRUSTSIG, NULL,
+       N_("show trust signature information")},
      {"show-only-fpr-mbox",LIST_SHOW_ONLY_FPR_MBOX, NULL,
       NULL},
      {"sort-sigs", LIST_SORT_SIGS, NULL,
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -1291,6 +1291,37 @@ cmp_signodes (const void *av, const void *bv)
 }


+/* Given a domain name at NAME with length NAME, check whether this is
+ * a valid domain name and in that case return a malloced string ith
+ * the name.  Escaped dots are ignored and removed from the result.
+ * Example: "example\.org" -> "example.org" Note that the input may
+ * not be Nul terminated.  */
+static char *
+parse_trust_name (const char *name, size_t namelen)
+{
+  char *buffer, *p;
+
+  p = buffer = xtrymalloc (namelen+1);
+  if (!buffer)
+    return NULL; /* Oops - caller needs to use some fallback  */
+
+  for (;  namelen; name++, namelen--)
+    {
+      if (*name == '\\' && namelen > 1 && name[1] == '.')
+        ; /* Skip the escape character.  */
+      else
+        *p++ = *name;
+    }
+  *p = 0;
+  if (!is_valid_domain_name (buffer))
+    {
+      xfree (buffer);
+      buffer = NULL;
+    }
+  return buffer;
+}
+
+
 /* Helper for list_keyblock_print.  The caller must have set
 * NODFLG_MARK_B to indicate self-signatures.  */
 static void
@ -1403,6 +1434,31 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
      print_utf8_buffer (es_stdout, p, n);
      xfree (p);
    }
+  if ((opt.list_options & LIST_SHOW_TRUSTSIG)
+      && (sig->trust_depth || sig->trust_value || sig->trust_regexp))
+    {
+      es_fprintf (es_stdout, " [T=%d,%d", sig->trust_depth, sig->trust_value);
+      if (sig->trust_regexp)
+        {
+          size_t n = strlen (sig->trust_regexp);
+          char *tname = NULL;
+
+          if (!strncmp (sig->trust_regexp, "<[^>]+[@.]", 10)
+              && n > 12 && !strcmp (sig->trust_regexp+n-2, ">$")
+              && (tname=parse_trust_name (sig->trust_regexp+10, n-12)))
+            {
+              es_fprintf (es_stdout, ",\"%s", tname);
+              xfree (tname);
+            }
+          else
+            {
+              es_fputs (",R\"", es_stdout);
+              es_write_sanitized (es_stdout, sig->trust_regexp, n, "\"", NULL);
+            }
+          es_putc ('\"', es_stdout);
+        }
+      es_putc (']', es_stdout);
+    }
  es_putc ('\n', es_stdout);

  if (sig->flags.policy_url
--- a/g10/options.h
+++ b/g10/options.h
@ -463,6 +463,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define LIST_SHOW_X509_NOTATIONS         (1<<17)
 #define LIST_STORE_X509_NOTATIONS        (1<<18)
 #define LIST_SHOW_OWNERTRUST             (1<<19)
+#define LIST_SHOW_TRUSTSIG               (1<<20)

 #define VERIFY_SHOW_PHOTOS               (1<<0)
 #define VERIFY_SHOW_POLICY_URLS          (1<<1)