diff --git a/g10/ChangeLog b/g10/ChangeLog index 7b0448de4..4e752c029 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +2003-09-30 David Shaw + + * gpgv.c (check_trustdb_stale): Stub. + + * trustdb.c (get_validity): Move the up-to-date check to + check_trustdb_stale (new), so that it can be called before + validity is checked. + + * keylist.c (list_keyblock_print): Disable the overall key + validity display until it can be thought about more. Use + check_trustdb_stale here to avoid putting the check warning in the + middle of a listed key. + + * trustdb.c (init_trustdb): Only verify_own_keys() for those trust + models that it applies to (i.e. classic and OpenPGP). + 2003-09-29 Werner Koch * keygen.c (do_add_key_flags, parse_parameter_usage): Add support diff --git a/g10/gpgv.c b/g10/gpgv.c index 73af44ea5..0701ead8e 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -242,6 +242,9 @@ cache_disabled_value(PKT_public_key *pk) return 0; } +void +check_trustdb_stale(void) {} + int get_validity_info (PKT_public_key *pk, PKT_user_id *uid) { diff --git a/g10/keylist.c b/g10/keylist.c index de5b57572..9970f0cb2 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -622,12 +622,18 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque ) } else { +#if 0 int validity; +#endif pk = node->pkt->pkt.public_key; sk = NULL; keyid_from_pk( pk, keyid ); +#if 0 validity=get_validity(pk,NULL); +#endif + + check_trustdb_stale(); printf("pub %4u%c/", nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo)); 
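Review bot: The three `#if 0` regions in list_keyblock_print depend on each other but nothing says so: the `int validity;` declaration and the `validity=get_validity(pk,NULL);` assignment in this hunk, and the `LIST_SHOW_VALIDITY` printf in the hunk at line 644, must be re-enabled together or the build breaks or the printf reads an unset variable. While they are off, `opt.list_options&LIST_SHOW_VALIDITY` has no effect on the `pub` line, and the user gets no hint that the requested validity is being left out. I would replace the first-person comment with one that records the state, e.g. `/* Key-level validity display disabled for now; re-enable together with the validity declaration and get_validity() call above. */`. list_keyblock_print starts and ends outside both hunks.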
@@ -644,8 +650,13 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque ) if(newformat && pk->expiredate) printf(_(" [expires: %s]"), expirestr_from_pk( pk ) ); +#if 0 + /* I need to think about this some more. It's easy enough to + include, but it looks sort of confusing in the + listing... */ if(opt.list_options&LIST_SHOW_VALIDITY) printf(" [%s]",trust_value_to_string(validity)); +#endif } for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { diff --git a/g10/trustdb.c b/g10/trustdb.c index d8b02fb81..743d9c771 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -406,7 +406,6 @@ setup_trustdb( int level, const char *dbname ) void init_trustdb() { - int rc=0; int level = trustdb_args.level; const char* dbname = trustdb_args.dbname; @@ -415,26 +414,14 @@ init_trustdb() trustdb_args.init = 1; - if ( !level || level==1) + if(level==0 || level==1) { - rc = tdbio_set_dbname( dbname, !!level ); - if( !rc ) - { - if( !level ) - return; - - /* verify that our own keys are in the trustDB - * or move them to the trustdb. */ - verify_own_keys(); - - /* should we check whether there is no other ultimately trusted - * key in the database? */ - } + int rc = tdbio_set_dbname( dbname, !!level ); + if( rc ) + log_fatal("can't init trustdb: %s\n", g10_errstr(rc) ); } else BUG(); - if( rc ) - log_fatal("can't init trustdb: %s\n", g10_errstr(rc) ); if(opt.trust_model==TM_AUTO) { @@ -443,7 +430,7 @@ init_trustdb() opt.trust_model=tdbio_read_model(); /* Sanity check this ;) */ - if(opt.trust_model!=TM_PGP && opt.trust_model!=TM_CLASSIC) + if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_PGP) { log_info(_("unable to use unknown trust model (%d) - " "assuming %s trust model\n"),opt.trust_model,"PGP"); 
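Review bot: For `level==0` the old code returned right after a successful `tdbio_set_dbname()`; the new block in the hunk at line 415 drops that return, so a level-0 caller now continues into the `TM_AUTO` branch and `tdbio_read_model()`, and further down (hunk at line 454) into `tdbio_db_matches_options()`. Both read from a trustdb that was opened with a second argument of 0 (`!!level`), and whether they cope with a missing or unreadable file in that mode is not visible here. The ChangeLog entry only mentions the `verify_own_keys()` change, so this looks like an unrecorded behaviour change. If it is intended, a comment above the block would make that explicit, e.g. `/* level 0 opens without creating; trust model detection below still runs */`; if it is not, `if(level==0) return;` needs to come back after the `log_fatal` check. init_trustdb starts in the previous hunk and continues into the hunk at line 454.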
@@ -454,14 +441,19 @@ init_trustdb() log_info(_("using %s trust model\n"),trust_model_string()); } - if((opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) - && !tdbio_db_matches_options()) - pending_check_trustdb=1; + if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) + { + /* Verify the list of ultimately trusted keys and move the + --trusted-keys list there as well. */ + if(level==1) + verify_own_keys(); + + if(!tdbio_db_matches_options()) + pending_check_trustdb=1; + } } - - /*********************************************** ************* Print helpers **************** ***********************************************/ @@ -1007,24 +999,10 @@ cache_disabled_value(PKT_public_key *pk) return disabled; } -/* - * Return the validity information for PK. If the namehash is not - * NULL, the validity of the corresponsing user ID is returned, - * otherwise, a reasonable value for the entire key is returned. - */ -unsigned int -get_validity (PKT_public_key *pk, PKT_user_id *uid) +void +check_trustdb_stale(void) { - static int did_nextcheck; - TRUSTREC trec, vrec; - int rc; - ulong recno; - unsigned int validity; - u32 kid[2]; - PKT_public_key *main_pk; - - if(uid) - namehash_from_uid(uid); + static int did_nextcheck=0; init_trustdb (); if (!did_nextcheck @@ -1048,6 +1026,28 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid) } } } +} + +/* + * Return the validity information for PK. If the namehash is not + * NULL, the validity of the corresponsing user ID is returned, + * otherwise, a reasonable value for the entire key is returned. + */ +unsigned int +get_validity (PKT_public_key *pk, PKT_user_id *uid) +{ + TRUSTREC trec, vrec; + int rc; + ulong recno; + unsigned int validity; + u32 kid[2]; + PKT_public_key *main_pk; + + if(uid) + namehash_from_uid(uid); + + init_trustdb (); + check_trustdb_stale(); keyid_from_pk (pk, kid); if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1]) 
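Review bot: The new `check_trustdb_stale()` in the hunk at line 1007 has no header comment, although it is now declared in trustdb.h and called from keylist.c. From the visible lines it calls `init_trustdb ()` itself and is gated by the function-static `did_nextcheck`, so the check presumably runs at most once per process; where the flag is set lies between this hunk and the next and is not visible. A short comment stating that contract, and that callers may invoke it ahead of producing output so that the warning does not land in the middle of a listed key, would cover what the ChangeLog explains but the code does not.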
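Review bot: In the hunk at line 1048, `get_validity()` calls `init_trustdb ();` directly before `check_trustdb_stale();`, and the latter begins with its own `init_trustdb ();`, so the first call is redundant. The `trustdb_args.init` guard makes it harmless, but dropping it leaves a single initialisation path to reason about. The comment that moved with the function still speaks of a namehash being NULL while the parameter is `uid`, and carries the typo "corresponsing"; `If UID is not NULL, the validity of the corresponding user ID is returned` would match the signature. get_validity continues past the end of the hunk.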
diff --git a/g10/trustdb.h b/g10/trustdb.h index 414c37702..bd7344bc9 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -44,6 +44,7 @@ void check_trustdb (void); void update_trustdb (void); int setup_trustdb( int level, const char *dbname ); void init_trustdb( void ); +void check_trustdb_stale(void); void sync_trustdb( void ); const char *trust_value_to_string (unsigned int value);