* gpgv.c (check_trustdb_stale): Stub.

* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.

* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more.  Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.

* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).

g10/ChangeLog

@@ -1,3 +1,19 @@
+2003-09-30  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpgv.c (check_trustdb_stale): Stub.
+
+	* trustdb.c (get_validity): Move the up-to-date check to
+	check_trustdb_stale (new), so that it can be called before
+	validity is checked.
+	
+	* keylist.c (list_keyblock_print): Disable the overall key
+	validity display until it can be thought about more.  Use
+	check_trustdb_stale here to avoid putting the check warning in the
+	middle of a listed key.
+
+	* trustdb.c (init_trustdb): Only verify_own_keys() for those trust
+	models that it applies to (i.e. classic and OpenPGP).
+
 2003-09-29  Werner Koch  <wk@gnupg.org>
 
 	* keygen.c (do_add_key_flags, parse_parameter_usage): Add support

g10/gpgv.c

@@ -242,6 +242,9 @@ cache_disabled_value(PKT_public_key *pk)
   return 0;
 }
 
+void
+check_trustdb_stale(void) {}
+
 int
 get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
 {

g10/keylist.c

@@ -622,12 +622,18 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
       }
     else
       {
+#if 0
 	int validity;
+#endif
 	pk = node->pkt->pkt.public_key;
 	sk = NULL;
 	keyid_from_pk( pk, keyid );
 
+#if 0
 	validity=get_validity(pk,NULL);
+#endif
+
+	check_trustdb_stale();
 
 	printf("pub   %4u%c/",
 	       nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo));
@@ -644,8 +650,13 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	if(newformat && pk->expiredate)
 	  printf(_(" [expires: %s]"), expirestr_from_pk( pk ) );
 
+#if 0
+	/* I need to think about this some more.  It's easy enough to
+	   include, but it looks sort of confusing in the
+	   listing... */
 	if(opt.list_options&LIST_SHOW_VALIDITY)
 	  printf(" [%s]",trust_value_to_string(validity));
+#endif
       }
 
     for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {

g10/trustdb.c

@@ -406,7 +406,6 @@ setup_trustdb( int level, const char *dbname )
 void
 init_trustdb()
 {
-  int rc=0;
   int level = trustdb_args.level;
   const char* dbname = trustdb_args.dbname;
 
@@ -415,26 +414,14 @@ init_trustdb()
 
   trustdb_args.init = 1;
 
-  if ( !level || level==1)
+  if(level==0 || level==1)
     {
-      rc = tdbio_set_dbname( dbname, !!level );
+      int rc = tdbio_set_dbname( dbname, !!level );
-      if( !rc )
+      if( rc )
-        {
+	log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
-          if( !level )
-            return;
-          
-          /* verify that our own keys are in the trustDB
-           * or move them to the trustdb. */
-          verify_own_keys();
-          
-          /* should we check whether there is no other ultimately trusted
-           * key in the database? */
-        }
     }
   else
     BUG();
-  if( rc )
-    log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
 
   if(opt.trust_model==TM_AUTO)
     {
@@ -443,7 +430,7 @@ init_trustdb()
       opt.trust_model=tdbio_read_model();
 
       /* Sanity check this ;) */
-      if(opt.trust_model!=TM_PGP && opt.trust_model!=TM_CLASSIC)
+      if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_PGP)
 	{
 	  log_info(_("unable to use unknown trust model (%d) - "
 		     "assuming %s trust model\n"),opt.trust_model,"PGP");
@@ -454,14 +441,19 @@ init_trustdb()
 	log_info(_("using %s trust model\n"),trust_model_string());
     }
 
-  if((opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+  if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
-     && !tdbio_db_matches_options())
+    {
-    pending_check_trustdb=1;
+      /* Verify the list of ultimately trusted keys and move the
+	 --trusted-keys list there as well. */
+      if(level==1)
+	verify_own_keys();
+
+      if(!tdbio_db_matches_options())
+	pending_check_trustdb=1;
+    }
 }
 
 
-
-
 /***********************************************
  *************	Print helpers	****************
  ***********************************************/
@@ -1007,24 +999,10 @@ cache_disabled_value(PKT_public_key *pk)
    return disabled;
 }
 
-/*
+void
- * Return the validity information for PK.  If the namehash is not
+check_trustdb_stale(void)
- * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned. 
- */
-unsigned int
-get_validity (PKT_public_key *pk, PKT_user_id *uid)
 {
-  static int did_nextcheck;
+  static int did_nextcheck=0;
-  TRUSTREC trec, vrec;
-  int rc;
-  ulong recno;
-  unsigned int validity;
-  u32 kid[2];
-  PKT_public_key *main_pk;
-
-  if(uid)
-    namehash_from_uid(uid);
 
   init_trustdb ();
   if (!did_nextcheck
@@ -1048,6 +1026,28 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
             }
         }
     }
+}
+
+/*
+ * Return the validity information for PK.  If the namehash is not
+ * NULL, the validity of the corresponsing user ID is returned,
+ * otherwise, a reasonable value for the entire key is returned. 
+ */
+unsigned int
+get_validity (PKT_public_key *pk, PKT_user_id *uid)
+{
+  TRUSTREC trec, vrec;
+  int rc;
+  ulong recno;
+  unsigned int validity;
+  u32 kid[2];
+  PKT_public_key *main_pk;
+
+  if(uid)
+    namehash_from_uid(uid);
+
+  init_trustdb ();
+  check_trustdb_stale();
 
   keyid_from_pk (pk, kid);
   if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])

g10/trustdb.h

@@ -44,6 +44,7 @@ void check_trustdb (void);
 void update_trustdb (void);
 int setup_trustdb( int level, const char *dbname );
 void init_trustdb( void );
+void check_trustdb_stale(void);
 void sync_trustdb( void );
 
 const char *trust_value_to_string (unsigned int value);