gpg: Remove tofu database format "split".

* g10/options.h (struct opt): Remove field tofu_db_format. * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and tofu.batch_update_started. * g10/gpg.c (parse_tofu_db_format): Remove. (main): Make option --tofu-db-format obsolete. * g10/tofu.c: Major rework. Remove the pretty complicated and slower split format and with that all the caching. Use the dbs struct directly. Move global vars for batch update into CTRL. Change calling conventions of some function to take CTRL or DBS pointers instead of the former low-level database pointer. -- The split database format might have been nice for use with Unison but it bypasses the concept of a relational database by doing parts of this itself and also risking deadlocks. Working with the Tofu database for debugging or experiments is also not possible with parts of the database logic implemented in gpg. The Tofu support is quite new and we can assume that it is not in real use now. Thus we better remove that now so that we do not need to maintain it for all future. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2016-08-05 14:40:36 +02:00 · 2016-08-05 14:40:36 +02:00 · 5b59999ce0
commit 5b59999ce0
parent a27410a251
11 changed files with 236 additions and 777 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -1144,6 +1144,55 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
              stored in the version info record.


+* Database scheme for the TOFU info
+
+#+begin_src sql
+--
+-- The VERSION table holds the version of our TOFU data structures.
+--
+CREATE TABLE version (
+  version integer -- As of now this is always 1
+);
+
+--
+-- The BINDINGS table associates mail addresses with keys.
+--
+CREATE TABLE bindings (
+  oid integer primary key autoincrement,
+  fingerprint text, -- The key's fingerprint in hex
+  email text,       -- The normalized mail address destilled from user_id
+  user_id text,     -- The unmodified user id
+  time integer,     -- The time this binding was first observed.
+  policy boolean check
+       (policy in (1, 2, 3, 4, 5)), -- The trust policy with the values:
+                                    --   1 := Auto
+                                    --   2 := Good
+                                    --   3 := Unknown
+                                    --   4 := Bad
+                                    --   5 := Ask
+  conflict string,  -- NULL or a hex formatted fingerprint.
+  unique (fingerprint, email)
+);
+
+CREATE INDEX bindings_fingerprint_email on bindings (fingerprint, email);
+CREATE INDEX bindings_email on bindings (email);
+
+--
+-- The SIGNATURES table records all data signatures we verified
+--
+CREATE TABLE signatures (
+  binding integer not null, -- Link to bindings table,
+                            -- references bindings.oid.
+  sig_digest text,          -- The digest of the signed message.
+  origin text,              -- String describing who initially fed
+                            -- the signature to gpg (e.g. "email:claws").
+  sig_time integer,         -- Timestamp from the signature.
+  time integer,             -- Time this record was created.
+  primary key (binding, sig_digest, origin)
+);
+#+end_src
+
+
 * GNU extensions to the S2K algorithm

  1 octet  - S2K Usage: either 254 or 255.
@ -1169,6 +1218,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:

 * Keyserver helper message format

+  *This information is obsolete*
+  (Keyserver helpers have been replaced by dirmngr)
+
  The keyserver may be contacted by a Unix Domain socket or via TCP.

  The format of a request is:
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1840,25 +1840,6 @@ key signer (defaults to 3)
 The default TOFU policy (defaults to @code{auto}).  For more
 information about the meaning of this option, @xref{trust-model-tofu}.

-@item --tofu-db-format @code{auto|split|flat}
-@opindex tofu-default-policy
-The format for the TOFU DB.
-
-The split file format splits the data across many DBs under the
-@code{tofu.d} directory (one per email address and one per key).  This
-makes it easier to automatically synchronize the data using a tool
-such as Unison (@url{https://www.cis.upenn.edu/~bcpierce/unison/}),
-since the individual files change rarely.
-
-The flat file format keeps all of the data in the single file
-@code{tofu.db}.  This format results in better performance.
-
-If set to auto (which is the default), GnuPG will first check for the
-existence of @code{tofu.d} and @code{tofu.db}.  If one of these
-exists, the corresponding format is used.  If neither or both of these
-exist, then GnuPG defaults to the @code{split} format.  In the latter
-case, a warning is emitted.
-
@item --max-cert-depth @code{n}
@opindex max-cert-depth
 Maximum depth of a certification chain (default is 5).