From 62fb86c6589f7f74dad4741db31b3aefa0848420 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 10 Feb 2014 17:05:54 +0100 Subject: [PATCH] gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust. --- configure.ac | 14 + g10/Makefile.am | 13 +- g10/gpg.c | 39 +- g10/import.c | 2 +- g10/keyedit.c | 20 +- g10/keylist.c | 3 +- g10/keyserver.c | 4 +- g10/pkclist.c | 7 +- g10/trust.c | 740 +++++++++++++++++++++++++++++ g10/trustdb.c | 630 ++---------------------- g10/trustdb.h | 98 +++- tests/openpgp/armencrypt.test | 2 +- tests/openpgp/armencryptp.test | 2 +- tests/openpgp/armsignencrypt.test | 2 +- tests/openpgp/defs.inc | 13 +- tests/openpgp/ecc.test | 2 +- tests/openpgp/encrypt-dsa.test | 4 +- tests/openpgp/encrypt.test | 4 +- tests/openpgp/encryptp.test | 2 +- tests/openpgp/gpg.conf.tmpl | 1 - tests/openpgp/seat.test | 2 +- tests/openpgp/signencrypt-dsa.test | 4 +- tests/openpgp/signencrypt.test | 2 +- 23 files changed, 960 insertions(+), 650 deletions(-) create mode 100644 g10/trust.c diff --git a/configure.ac b/configure.ac index 98de67893..4abeeb007 100644 --- a/configure.ac +++ b/configure.ac @@ -87,6 +87,7 @@ have_adns=no use_zip=yes use_bzip2=yes use_exec=yes +use_trust_models=yes disable_keyserver_path=no card_support=yes use_ccid_driver=yes @@ -215,6 +216,18 @@ AC_ARG_ENABLE(selinux-support, AC_MSG_RESULT($selinux_support) +AC_MSG_CHECKING([whether to enable trust models]) +AC_ARG_ENABLE(trust-models, + AC_HELP_STRING([--disable-trust-models], + [disable all trust models except "always"]), + use_trust_models=$enableval) +AC_MSG_RESULT($use_trust_models) +if test "$use_trust_models" = no ; then + AC_DEFINE(NO_TRUST_MODELS, 1, + [Define to include only trust-model always]) +fi + + # # Options to disable algorithm # @@ -1615,6 +1628,7 @@ AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes") AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) +AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no) AM_CONDITIONAL(RUN_GPG_TESTS, test x$cross_compiling = xno -a "$build_gpg" = yes ) diff --git a/g10/Makefile.am b/g10/Makefile.am index fe442cf4d..ba686481c 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -48,6 +48,13 @@ else card_source = endif +if NO_TRUST_MODELS +trust_source = +else +trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h +endif + + if HAVE_W32_SYSTEM resource_objs += gpg-w32info.o endif @@ -103,11 +110,6 @@ gpg2_SOURCES = gpg.c \ dearmor.c \ import.c \ export.c \ - trustdb.c \ - trustdb.h \ - tdbdump.c \ - tdbio.c \ - tdbio.h \ delkey.c \ keygen.c \ helptext.c \ @@ -116,6 +118,7 @@ gpg2_SOURCES = gpg.c \ call-dirmngr.c call-dirmngr.h \ photoid.c photoid.h \ call-agent.c call-agent.h \ + trust.c $(trust_source) \ $(card_source) \ exec.c exec.h diff --git a/g10/gpg.c b/g10/gpg.c index 03652268a..15cbe4bcc 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -431,12 +431,16 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ), ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ), ARGPARSE_c (aListPackets, "list-packets","@"), + +#ifndef NO_TRUST_MODELS ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"), ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"), ARGPARSE_c (aUpdateTrustDB,"update-trustdb", N_("update the trust database")), ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"), ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"), +#endif + ARGPARSE_c (aDeArmor, "dearmor", "@"), ARGPARSE_c (aDeArmor, "dearmour", "@"), ARGPARSE_c (aEnArmor, "enarmor", "@"), @@ -603,7 +607,10 @@ static ARGPARSE_OPTS opts[] = { /* More hidden commands and options. */ ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */ +#ifndef NO_TRUST_MODELS ARGPARSE_c (aListTrustDB, "list-trustdb", "@"), +#endif + /* Not yet used: ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */ ARGPARSE_c (aDeleteSecretAndPublicKeys, @@ -619,7 +626,14 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oCommandFile, "command-file", "@"), ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"), ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), + +#ifndef NO_TRUST_MODELS ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"), + ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"), + ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"), + ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"), +#endif + ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"), ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"), @@ -647,7 +661,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */ ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"), ARGPARSE_s_s (oTrustModel, "trust-model", "@"), - ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"), ARGPARSE_s_s (oSetFilename, "set-filename", "@"), ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"), ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"), @@ -704,8 +717,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"), ARGPARSE_s_n (oNoSigCache, "no-sig-cache", "@"), ARGPARSE_s_n (oNoSigCreateCheck, "no-sig-create-check", "@"), - ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"), - ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"), ARGPARSE_s_n (oMergeOnly, "merge-only", "@" ), ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"), ARGPARSE_s_n (oTryAllSecrets, "try-all-secrets", "@"), @@ -1844,6 +1855,8 @@ collapse_args(int argc,char *argv[]) return str; } + +#ifndef NO_TRUST_MODELS static void parse_trust_model(const char *model) { @@ -1860,6 +1873,7 @@ parse_trust_model(const char *model) else log_error("unknown trust model '%s'\n",model); } +#endif /*NO_TRUST_MODELS*/ /* This fucntion called to initialized a new control object. It is @@ -1967,7 +1981,9 @@ main (int argc, char **argv) int use_random_seed = 1; enum cmd_and_opt_values cmd = 0; const char *debug_level = NULL; +#ifndef NO_TRUST_MODELS const char *trustdb_name = NULL; +#endif /*!NO_TRUST_MODELS*/ char *def_cipher_string = NULL; char *def_digest_string = NULL; char *compress_algo_string = NULL; @@ -2056,7 +2072,11 @@ main (int argc, char **argv) opt.verify_options = (VERIFY_SHOW_POLICY_URLS | VERIFY_SHOW_STD_NOTATIONS | VERIFY_SHOW_KEYSERVER_URLS); +#ifdef NO_TRUST_MODELS + opt.trust_model = TM_ALWAYS; +#else opt.trust_model = TM_AUTO; +#endif opt.mangle_dos_filenames = 0; opt.min_cert_level = 2; set_screen_dimensions (); @@ -2376,7 +2396,11 @@ main (int argc, char **argv) case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break; case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break; case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break; + +#ifndef NO_TRUST_MODELS case oTrustDBName: trustdb_name = pargs.r.ret_str; break; + +#endif /*!NO_TRUST_MODELS*/ case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break; case oDefRecipient: if( *pargs.r.ret_str ) @@ -2407,6 +2431,8 @@ main (int argc, char **argv) case oCompressKeys: opt.compress_keys = 1; break; case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break; + +#ifndef NO_TRUST_MODELS /* There are many programs (like mutt) that call gpg with --always-trust so keep this option around for a long time. */ @@ -2414,6 +2440,8 @@ main (int argc, char **argv) case oTrustModel: parse_trust_model(pargs.r.ret_str); break; +#endif /*!NO_TRUST_MODELS*/ + case oForceOwnertrust: log_info(_("NOTE: %s is not for normal use!\n"), "--force-ownertrust"); @@ -3494,6 +3522,7 @@ main (int argc, char **argv) ctrl = xcalloc (1, sizeof *ctrl); gpg_init_default_ctrl (ctrl); +#ifndef NO_TRUST_MODELS switch (cmd) { case aPrimegen: @@ -3522,7 +3551,7 @@ main (int argc, char **argv) } if (rc) log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc)); - +#endif /*!NO_TRUST_MODELS*/ switch (cmd) { @@ -4023,6 +4052,7 @@ main (int argc, char **argv) } break; +#ifndef NO_TRUST_MODELS case aListTrustDB: if( !argc ) list_trustdb(NULL); @@ -4068,6 +4098,7 @@ main (int argc, char **argv) wrong_args("--import-ownertrust [file]"); import_ownertrust( argc? *argv:NULL ); break; +#endif /*!NO_TRUST_MODELS*/ case aRebuildKeydbCaches: if (argc) diff --git a/g10/import.c b/g10/import.c index 9c14e8b4b..74443ef10 100644 --- a/g10/import.c +++ b/g10/import.c @@ -222,7 +222,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, interactive or by not setting no-auto-check-trustdb */ if(!(options&IMPORT_FAST)) - trustdb_check_or_update(); + check_or_update_trustdb (); return rc; } diff --git a/g10/keyedit.c b/g10/keyedit.c index e455e845b..2b8b582f6 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -81,7 +81,9 @@ static int menu_revsig (KBNODE keyblock); static int menu_revuid (KBNODE keyblock); static int menu_revkey (KBNODE pub_keyblock); static int menu_revsubkey (KBNODE pub_keyblock); +#ifndef NO_TRUST_MODELS static int enable_disable_key (KBNODE keyblock, int disable); +#endif /*!NO_TRUST_MODELS*/ static void menu_showphoto (KBNODE keyblock); static int update_trust = 0; @@ -1305,7 +1307,11 @@ enum cmdids cmdREVSIG, cmdREVKEY, cmdREVUID, cmdDELSIG, cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, - cmdEXPIRE, cmdBACKSIGN, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, + cmdEXPIRE, cmdBACKSIGN, +#ifndef NO_TRUST_MODELS + cmdENABLEKEY, cmdDISABLEKEY, +#endif /*!NO_TRUST_MODELS*/ + cmdSHOWPREF, cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY, cmdCLEAN, cmdMINIMIZE, cmdNOP @@ -1384,7 +1390,9 @@ static struct { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("change the passphrase")}, { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, +#ifndef NO_TRUST_MODELS { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")}, +#endif /*!NO_TRUST_MODELS*/ { "revsig", cmdREVSIG, KEYEDIT_NOT_SK, N_("revoke signatures on the selected user IDs")}, { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, @@ -1392,8 +1400,10 @@ static struct { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("revoke key or selected subkeys")}, +#ifndef NO_TRUST_MODELS { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")}, { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")}, +#endif /*!NO_TRUST_MODELS*/ { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")}, { "clean", cmdCLEAN, KEYEDIT_NOT_SK, N_("compact unusable user IDs and remove unusable signatures from key")}, @@ -2059,6 +2069,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, change_passphrase (ctrl, keyblock); break; +#ifndef NO_TRUST_MODELS case cmdTRUST: if (opt.trust_model == TM_EXTERNAL) { @@ -2080,6 +2091,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, update_trust = 1; } break; +#endif /*!NO_TRUST_MODELS*/ case cmdPREF: { @@ -2158,6 +2170,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, } break; +#ifndef NO_TRUST_MODELS case cmdENABLEKEY: case cmdDISABLEKEY: if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY)) @@ -2166,6 +2179,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, modified = 1; } break; +#endif /*!NO_TRUST_MODELS*/ case cmdSHOWPHOTO: menu_showphoto (keyblock); @@ -4837,12 +4851,14 @@ menu_revuid (KBNODE pub_keyblock) pkt->pkt.signature = sig; insert_kbnode (node, new_kbnode (pkt), 0); +#ifndef NO_TRUST_MODELS /* If the trustdb has an entry for this key+uid then the trustdb needs an update. */ if (!update_trust && (get_validity (pk, uid) & TRUST_MASK) >= TRUST_UNDEFINED) update_trust = 1; +#endif /*!NO_TRUST_MODELS*/ changed = 1; node->pkt->pkt.user_id->is_revoked = 1; @@ -4978,6 +4994,7 @@ menu_revsubkey (KBNODE pub_keyblock) enabling or disabling a key. This is arguably sub-optimal as disabled keys are still counted in the web of trust, but perhaps not worth adding extra complexity to change. -ds */ +#ifndef NO_TRUST_MODELS static int enable_disable_key (KBNODE keyblock, int disable) { @@ -4994,6 +5011,7 @@ enable_disable_key (KBNODE keyblock, int disable) update_ownertrust (pk, newtrust); return 0; } +#endif /*!NO_TRUST_MODELS*/ static void diff --git a/g10/keylist.c b/g10/keylist.c index 82d60c261..6e5ebdac9 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -64,6 +64,7 @@ static estream_t attrib_fp; void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) { +#ifndef NO_TRUST_MODELS if (opt.with_colons) { byte trust_model, marginals, completes, cert_depth, min_cert_level; @@ -98,9 +99,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) if (trust_model == TM_PGP || trust_model == TM_CLASSIC) es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth); - es_fprintf (es_stdout, "\n"); } +#endif /*!NO_TRUST_MODELS*/ /* We need to do the stale check right here because it might need to update the keyring while we already have the keyring open. This diff --git a/g10/keyserver.c b/g10/keyserver.c index 0f60f7d37..4de56fc46 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1344,7 +1344,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users) /* If the original options didn't have fast import, and the trustdb is dirty, rebuild. */ if(!(opt.keyserver_options.import_options&IMPORT_FAST)) - trustdb_check_or_update(); + check_or_update_trustdb (); return rc; } @@ -1688,7 +1688,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist) /* If the original options didn't have fast import, and the trustdb is dirty, rebuild. */ if (!(opt.keyserver_options.import_options&IMPORT_FAST)) - trustdb_check_or_update (); + check_or_update_trustdb (); return 0; } diff --git a/g10/pkclist.c b/g10/pkclist.c index d94f59e11..a6d687a0f 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -176,6 +176,7 @@ show_revocation_reason( PKT_public_key *pk, int mode ) * 0 = nothing changed * 1 = new ownertrust now in new_trust */ +#ifndef NO_TRUST_MODELS static int do_edit_ownertrust (PKT_public_key *pk, int mode, unsigned *new_trust, int defer_help ) @@ -187,7 +188,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, int show=0; int min_num; int did_help=defer_help; - unsigned int minimum=get_min_ownertrust(pk); + unsigned int minimum = tdb_get_min_ownertrust (pk); char pkstrbuf[PUBKEY_STRING_SIZE]; switch(minimum) @@ -365,12 +366,15 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, xfree(p); return show? -2: quit? -1 : changed; } +#endif /*!NO_TRUST_MODELS*/ + /* * Display a menu to change the ownertrust of the key PK (which should * be a primary key). * For mode values see do_edit_ownertrust () */ +#ifndef NO_TRUST_MODELS int edit_ownertrust (PKT_public_key *pk, int mode ) { @@ -396,6 +400,7 @@ edit_ownertrust (PKT_public_key *pk, int mode ) } } } +#endif /*!NO_TRUST_MODELS*/ /**************** diff --git a/g10/trust.c b/g10/trust.c new file mode 100644 index 000000000..32cd93462 --- /dev/null +++ b/g10/trust.c @@ -0,0 +1,740 @@ +/* trust.c - High level trust functions + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008, 2012 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include + +#include "gpg.h" +#include "keydb.h" +#include "util.h" +#include "options.h" +#include "packet.h" +#include "main.h" +#include "i18n.h" +#include "trustdb.h" + + +/* Return true if key is disabled. Note that this is usually used via + the pk_is_disabled macro. */ +int +cache_disabled_value (PKT_public_key *pk) +{ +#ifdef NO_TRUST_MODELS + (void)pk; + return 0; +#else + return tdb_cache_disabled_value (pk); +#endif +} + + +void +register_trusted_keyid (u32 *keyid) +{ +#ifdef NO_TRUST_MODELS + (void)keyid; +#else + register_trusted_keyid (keyid); +#endif +} + + +void +register_trusted_key (const char *string) +{ +#ifdef NO_TRUST_MODELS + (void)string; +#else + register_trusted_key (string); +#endif +} + + + +/* + * This function returns a letter for a trust value. Trust flags + * are ignored. + */ +static int +trust_letter (unsigned int value) +{ + switch( (value & TRUST_MASK) ) + { + case TRUST_UNKNOWN: return '-'; + case TRUST_EXPIRED: return 'e'; + case TRUST_UNDEFINED: return 'q'; + case TRUST_NEVER: return 'n'; + case TRUST_MARGINAL: return 'm'; + case TRUST_FULLY: return 'f'; + case TRUST_ULTIMATE: return 'u'; + default: return '?'; + } +} + + +/* The strings here are similar to those in + pkclist.c:do_edit_ownertrust() */ +const char * +trust_value_to_string (unsigned int value) +{ + switch ((value & TRUST_MASK)) + { + case TRUST_UNKNOWN: return _("unknown"); + case TRUST_EXPIRED: return _("expired"); + case TRUST_UNDEFINED: return _("undefined"); + case TRUST_NEVER: return _("never"); + case TRUST_MARGINAL: return _("marginal"); + case TRUST_FULLY: return _("full"); + case TRUST_ULTIMATE: return _("ultimate"); + default: return "err"; + } +} + + +int +string_to_trust_value (const char *str) +{ + if (!ascii_strcasecmp (str, "undefined")) + return TRUST_UNDEFINED; + else if (!ascii_strcasecmp (str, "never")) + return TRUST_NEVER; + else if (!ascii_strcasecmp (str, "marginal")) + return TRUST_MARGINAL; + else if (!ascii_strcasecmp (str, "full")) + return TRUST_FULLY; + else if (!ascii_strcasecmp(str, "ultimate")) + return TRUST_ULTIMATE; + else + return -1; +} + + +const char * +uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid) +{ + if (!key && !uid) + { + /* TRANSLATORS: these strings are similar to those in + trust_value_to_string(), but are a fixed length. This is needed to + make attractive information listings where columns line up + properly. The value "10" should be the length of the strings you + choose to translate to. This is the length in printable columns. + It gets passed to atoi() so everything after the number is + essentially a comment and need not be translated. Either key and + uid are both NULL, or neither are NULL. */ + return _("10 translator see trust.c:uid_trust_string_fixed"); + } + else if(uid->is_revoked || (key && key->flags.revoked)) + return _("[ revoked]"); + else if(uid->is_expired) + return _("[ expired]"); + else if(key) + { + switch (get_validity(key,uid)&TRUST_MASK) + { + case TRUST_UNKNOWN: return _("[ unknown]"); + case TRUST_EXPIRED: return _("[ expired]"); + case TRUST_UNDEFINED: return _("[ undef ]"); + case TRUST_MARGINAL: return _("[marginal]"); + case TRUST_FULLY: return _("[ full ]"); + case TRUST_ULTIMATE: return _("[ultimate]"); + } + } + + return "err"; +} + + + +/* + * Return the assigned ownertrust value for the given public key. + * The key should be the primary key. + */ +unsigned int +get_ownertrust (PKT_public_key *pk) +{ +#ifdef NO_TRUST_MODELS + (void)pk; + return TRUST_UNKNOWN; +#else + return tdb_get_ownertrust (pk); +#endif +} + + +/* + * Same as get_ownertrust but this takes the minimum ownertrust value + * into into account, and will bump up the value as needed. + */ +static int +get_ownertrust_with_min (PKT_public_key *pk) +{ +#ifdef NO_TRUST_MODELS + (void)pk; + return TRUST_UNKNOWN; +#else + unsigned int otrust, otrust_min; + + otrust = (tdb_get_ownertrust (pk) & TRUST_MASK); + otrust_min = tdb_get_min_ownertrust (pk); + if (otrust < otrust_min) + { + /* If the trust that the user has set is less than the trust + that was calculated from a trust signature chain, use the + higher of the two. We do this here and not in + get_ownertrust since the underlying ownertrust should not + really be set - just the appearance of the ownertrust. */ + + otrust = otrust_min; + } + + return otrust; +#endif +} + + +/* + * Same as get_ownertrust but return a trust letter instead of an + * value. This takes the minimum ownertrust value into account. + */ +int +get_ownertrust_info (PKT_public_key *pk) +{ + return trust_letter (get_ownertrust_with_min (pk)); +} + + +/* + * Same as get_ownertrust but return a trust string instead of an + * value. This takes the minimum ownertrust value into account. + */ +const char * +get_ownertrust_string (PKT_public_key *pk) +{ + return trust_value_to_string (get_ownertrust_with_min (pk)); +} + + +/* + * Set the trust value of the given public key to the new value. + * The key should be a primary one. + */ +void +update_ownertrust (PKT_public_key *pk, unsigned int new_trust) +{ +#ifdef NO_TRUST_MODELS + (void)pk; + (void)new_trust; +#else + update_ownertrust (pk, new_trust); +#endif +} + + +int +clear_ownertrusts (PKT_public_key *pk) +{ +#ifdef NO_TRUST_MODELS + (void)pk; + return 0; +#else + return tdb_clear_ownertrusts (pk); +#endif +} + + +void +revalidation_mark (void) +{ +#ifndef NO_TRUST_MODELS + tdb_revalidation_mark (); +#endif +} + + +void +check_trustdb_stale (void) +{ +#ifndef NO_TRUST_MODELS + tdb_check_trustdb_stale (); +#endif +} + + +void +check_or_update_trustdb (void) +{ +#ifndef NO_TRUST_MODELS + tdb_check_or_update (); +#endif +} + + +/* + * Return the validity information for PK. If the namehash is not + * NULL, the validity of the corresponsing user ID is returned, + * otherwise, a reasonable value for the entire key is returned. + */ +unsigned int +get_validity (PKT_public_key *pk, PKT_user_id *uid) +{ + int rc; + unsigned int validity; + u32 kid[2]; + PKT_public_key *main_pk; + + if (uid) + namehash_from_uid (uid); + + keyid_from_pk (pk, kid); + if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1]) + { + /* This is a subkey - get the mainkey. */ + main_pk = xmalloc_clear (sizeof *main_pk); + rc = get_pubkey (main_pk, pk->main_keyid); + if (rc) + { + char *tempkeystr = xstrdup (keystr (pk->main_keyid)); + log_error ("error getting main key %s of subkey %s: %s\n", + tempkeystr, keystr (kid), g10_errstr (rc)); + xfree (tempkeystr); + validity = TRUST_UNKNOWN; + goto leave; + } + } + else + main_pk = pk; + +#ifdef NO_TRUST_MODELS + validity = TRUST_UNKNOWN; +#else + validity = tdb_get_validity_core (pk, uid, main_pk); +#endif + + leave: + /* Set some flags direct from the key */ + if (main_pk->flags.revoked) + validity |= TRUST_FLAG_REVOKED; + if (main_pk != pk && pk->flags.revoked) + validity |= TRUST_FLAG_SUB_REVOKED; + /* Note: expiration is a trust value and not a flag - don't know why + * I initially designed it that way. */ + if (main_pk->has_expired || pk->has_expired) + validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK)) + | TRUST_EXPIRED); + + if (main_pk != pk) + free_public_key (main_pk); + return validity; +} + + +int +get_validity_info (PKT_public_key *pk, PKT_user_id *uid) +{ + int trustlevel; + + if (!pk) + return '?'; /* Just in case a NULL PK is passed. */ + + trustlevel = get_validity (pk, uid); + if ((trustlevel & TRUST_FLAG_REVOKED)) + return 'r'; + return trust_letter (trustlevel); +} + + +const char * +get_validity_string (PKT_public_key *pk, PKT_user_id *uid) +{ + int trustlevel; + + if (!pk) + return "err"; /* Just in case a NULL PK is passed. */ + + trustlevel = get_validity (pk, uid); + if ((trustlevel & TRUST_FLAG_REVOKED)) + return _("revoked"); + return trust_value_to_string (trustlevel); +} + + + +/* + * Mark the signature of the given UID which are used to certify it. + * To do this, we first revmove all signatures which are not valid and + * from the remain ones we look for the latest one. If this is not a + * certification revocation signature we mark the signature by setting + * node flag bit 8. Revocations are marked with flag 11, and sigs + * from unavailable keys are marked with flag 12. Note that flag bits + * 9 and 10 are used for internal purposes. + */ +void +mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, + u32 *main_kid, struct key_item *klist, + u32 curtime, u32 *next_expire) +{ + kbnode_t node; + PKT_signature *sig; + + /* First check all signatures. */ + for (node=uidnode->next; node; node = node->next) + { + int rc; + + node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); + if (node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + break; /* ready */ + if (node->pkt->pkttype != PKT_SIGNATURE) + continue; + sig = node->pkt->pkt.signature; + if (main_kid + && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1]) + continue; /* ignore self-signatures if we pass in a main_kid */ + if (!IS_UID_SIG(sig) && !IS_UID_REV(sig)) + continue; /* we only look at these signature classes */ + if(sig->sig_class>=0x11 && sig->sig_class<=0x13 && + sig->sig_class-0x10flag |= 1<<12; + continue; + } + node->flag |= 1<<9; + } + /* Reset the remaining flags. */ + for (; node; node = node->next) + node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); + + /* kbnode flag usage: bit 9 is here set for signatures to consider, + * bit 10 will be set by the loop to keep track of keyIDs already + * processed, bit 8 will be set for the usable signatures, and bit + * 11 will be set for usable revocations. */ + + /* For each cert figure out the latest valid one. */ + for (node=uidnode->next; node; node = node->next) + { + KBNODE n, signode; + u32 kid[2]; + u32 sigdate; + + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + break; + if ( !(node->flag & (1<<9)) ) + continue; /* not a node to look at */ + if ( (node->flag & (1<<10)) ) + continue; /* signature with a keyID already processed */ + node->flag |= (1<<10); /* mark this node as processed */ + sig = node->pkt->pkt.signature; + signode = node; + sigdate = sig->timestamp; + kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1]; + + /* Now find the latest and greatest signature */ + for (n=uidnode->next; n; n = n->next) + { + if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) + break; + if ( !(n->flag & (1<<9)) ) + continue; + if ( (n->flag & (1<<10)) ) + continue; /* shortcut already processed signatures */ + sig = n->pkt->pkt.signature; + if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1]) + continue; + n->flag |= (1<<10); /* mark this node as processed */ + + /* If signode is nonrevocable and unexpired and n isn't, + then take signode (skip). It doesn't matter which is + older: if signode was older then we don't want to take n + as signode is nonrevocable. If n was older then we're + automatically fine. */ + + if(((IS_UID_SIG(signode->pkt->pkt.signature) && + !signode->pkt->pkt.signature->flags.revocable && + (signode->pkt->pkt.signature->expiredate==0 || + signode->pkt->pkt.signature->expiredate>curtime))) && + (!(IS_UID_SIG(n->pkt->pkt.signature) && + !n->pkt->pkt.signature->flags.revocable && + (n->pkt->pkt.signature->expiredate==0 || + n->pkt->pkt.signature->expiredate>curtime)))) + continue; + + /* If n is nonrevocable and unexpired and signode isn't, + then take n. Again, it doesn't matter which is older: if + n was older then we don't want to take signode as n is + nonrevocable. If signode was older then we're + automatically fine. */ + + if((!(IS_UID_SIG(signode->pkt->pkt.signature) && + !signode->pkt->pkt.signature->flags.revocable && + (signode->pkt->pkt.signature->expiredate==0 || + signode->pkt->pkt.signature->expiredate>curtime))) && + ((IS_UID_SIG(n->pkt->pkt.signature) && + !n->pkt->pkt.signature->flags.revocable && + (n->pkt->pkt.signature->expiredate==0 || + n->pkt->pkt.signature->expiredate>curtime)))) + { + signode = n; + sigdate = sig->timestamp; + continue; + } + + /* At this point, if it's newer, it goes in as the only + remaining possibilities are signode and n are both either + revocable or expired or both nonrevocable and unexpired. + If the timestamps are equal take the later ordered + packet, presuming that the key packets are hopefully in + their original order. */ + + if (sig->timestamp >= sigdate) + { + signode = n; + sigdate = sig->timestamp; + } + } + + sig = signode->pkt->pkt.signature; + if (IS_UID_SIG (sig)) + { /* this seems to be a usable one which is not revoked. + * Just need to check whether there is an expiration time, + * We do the expired certification after finding a suitable + * certification, the assumption is that a signator does not + * want that after the expiration of his certificate the + * system falls back to an older certification which has a + * different expiration time */ + const byte *p; + u32 expire; + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); + expire = p? sig->timestamp + buffer_to_u32(p) : 0; + + if (expire==0 || expire > curtime ) + { + signode->flag |= (1<<8); /* yeah, found a good cert */ + if (next_expire && expire && expire < *next_expire) + *next_expire = expire; + } + } + else + signode->flag |= (1<<11); + } +} + + +static int +clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode, + int noisy, int self_only) +{ + int deleted = 0; + kbnode_t node; + u32 keyid[2]; + + assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY); + + keyid_from_pk (keyblock->pkt->pkt.public_key, keyid); + + /* Passing in a 0 for current time here means that we'll never weed + out an expired sig. This is correct behavior since we want to + keep the most recent expired sig in a series. */ + mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL); + + /* What we want to do here is remove signatures that are not + considered as part of the trust calculations. Thus, all invalid + signatures are out, as are any signatures that aren't the last of + a series of uid sigs or revocations It breaks down like this: + coming out of mark_usable_uid_certs, if a sig is unflagged, it is + not even a candidate. If a sig has flag 9 or 10, that means it + was selected as a candidate and vetted. If a sig has flag 8 it + is a usable signature. If a sig has flag 11 it is a usable + revocation. If a sig has flag 12 it was issued by an unavailable + key. "Usable" here means the most recent valid + signature/revocation in a series from a particular signer. + + Delete everything that isn't a usable uid sig (which might be + expired), a usable revocation, or a sig from an unavailable + key. */ + + for (node=uidnode->next; + node && node->pkt->pkttype==PKT_SIGNATURE; + node=node->next) + { + int keep; + + keep = self_only? (node->pkt->pkt.signature->keyid[0] == keyid[0] + && node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1; + + /* Keep usable uid sigs ... */ + if ((node->flag & (1<<8)) && keep) + continue; + + /* ... and usable revocations... */ + if ((node->flag & (1<<11)) && keep) + continue; + + /* ... and sigs from unavailable keys. */ + /* disabled for now since more people seem to want sigs from + unavailable keys removed altogether. */ + /* + if(node->flag & (1<<12)) + continue; + */ + + /* Everything else we delete */ + + /* At this point, if 12 is set, the signing key was unavailable. + If 9 or 10 is set, it's superseded. Otherwise, it's + invalid. */ + + if (noisy) + log_info ("removing signature from key %s on user ID \"%s\": %s\n", + keystr (node->pkt->pkt.signature->keyid), + uidnode->pkt->pkt.user_id->name, + node->flag&(1<<12)? "key unavailable": + node->flag&(1<<9)? "signature superseded" + /* */ :"invalid signature" ); + + delete_kbnode (node); + deleted++; + } + + return deleted; +} + + +/* This is substantially easier than clean_sigs_from_uid since we just + have to establish if the uid has a valid self-sig, is not revoked, + and is not expired. Note that this does not take into account + whether the uid has a trust path to it - just whether the keyholder + themselves has certified the uid. Returns true if the uid was + compacted. To "compact" a user ID, we simply remove ALL signatures + except the self-sig that caused the user ID to be remove-worthy. + We don't actually remove the user ID packet itself since it might + be ressurected in a later merge. Note that this function requires + that the caller has already done a merge_keys_and_selfsig(). + + TODO: change the import code to allow importing a uid with only a + revocation if the uid already exists on the keyring. */ + +static int +clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy) +{ + kbnode_t node; + PKT_user_id *uid = uidnode->pkt->pkt.user_id; + int deleted = 0; + + assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY); + assert (uidnode->pkt->pkttype==PKT_USER_ID); + + /* Skip valid user IDs, compacted user IDs, and non-self-signed user + IDs if --allow-non-selfsigned-uid is set. */ + if (uid->created + || uid->flags.compacted + || (!uid->is_expired && !uid->is_revoked && opt.allow_non_selfsigned_uid)) + return 0; + + for (node=uidnode->next; + node && node->pkt->pkttype == PKT_SIGNATURE; + node=node->next) + { + if (!node->pkt->pkt.signature->flags.chosen_selfsig) + { + delete_kbnode (node); + deleted = 1; + uidnode->pkt->pkt.user_id->flags.compacted = 1; + } + } + + if (noisy) + { + const char *reason; + char *user = utf8_to_native (uid->name, uid->len, 0); + + if (uid->is_revoked) + reason = _("revoked"); + else if (uid->is_expired) + reason = _("expired"); + else + reason = _("invalid"); + + log_info ("compacting user ID \"%s\" on key %s: %s\n", + user, keystr_from_pk (keyblock->pkt->pkt.public_key), + reason); + + xfree (user); + } + + return deleted; +} + + +/* Needs to be called after a merge_keys_and_selfsig() */ +void +clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only, + int *uids_cleaned, int *sigs_cleaned) +{ + int dummy; + + assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY); + assert (uidnode->pkt->pkttype==PKT_USER_ID); + + if (!uids_cleaned) + uids_cleaned = &dummy; + + if (!sigs_cleaned) + sigs_cleaned = &dummy; + + /* Do clean_uid_from_key first since if it fires off, we don't have + to bother with the other. */ + *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy); + if (!uidnode->pkt->pkt.user_id->flags.compacted) + *sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only); +} + + +void +clean_key (kbnode_t keyblock, int noisy, int self_only, + int *uids_cleaned, int *sigs_cleaned) +{ + kbnode_t uidnode; + + merge_keys_and_selfsig (keyblock); + + for (uidnode = keyblock->next; + uidnode && uidnode->pkt->pkttype != PKT_PUBLIC_SUBKEY; + uidnode = uidnode->next) + { + if (uidnode->pkt->pkttype == PKT_USER_ID) + clean_one_uid (keyblock, uidnode,noisy, self_only, + uids_cleaned, sigs_cleaned); + } +} diff --git a/g10/trustdb.c b/g10/trustdb.c index 24ed9dffa..733fa79bb 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -42,20 +42,6 @@ #include "trustdb.h" -/* - * A structure to store key identification as well as some stuff needed - * for validation - */ -struct key_item { - struct key_item *next; - unsigned int ownertrust,min_ownertrust; - byte trust_depth; - byte trust_value; - char *trust_regexp; - u32 kid[2]; -}; - - typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */ /* @@ -200,7 +186,7 @@ release_key_array ( struct key_array *keys ) * FIXME: Should be replaced by a function to add those keys to the trustdb. */ void -register_trusted_keyid(u32 *keyid) +tdb_register_trusted_keyid (u32 *keyid) { struct key_item *k; @@ -212,7 +198,7 @@ register_trusted_keyid(u32 *keyid) } void -register_trusted_key( const char *string ) +tdb_register_trusted_key( const char *string ) { gpg_error_t err; KEYDB_SEARCH_DESC desc; @@ -308,9 +294,9 @@ verify_own_keys(void) keystr(k->kid)); else { - update_ownertrust (&pk, - ((get_ownertrust (&pk) & ~TRUST_MASK) - | TRUST_ULTIMATE )); + tdb_update_ownertrust (&pk, + ((tdb_get_ownertrust (&pk) & ~TRUST_MASK) + | TRUST_ULTIMATE )); release_public_key_parts (&pk); } @@ -483,96 +469,6 @@ init_trustdb() } -/*********************************************** - ************* Print helpers **************** - ***********************************************/ - -/**************** - * This function returns a letter for a trustvalue Trust flags - * are ignore. - */ -static int -trust_letter (unsigned int value) -{ - switch( (value & TRUST_MASK) ) - { - case TRUST_UNKNOWN: return '-'; - case TRUST_EXPIRED: return 'e'; - case TRUST_UNDEFINED: return 'q'; - case TRUST_NEVER: return 'n'; - case TRUST_MARGINAL: return 'm'; - case TRUST_FULLY: return 'f'; - case TRUST_ULTIMATE: return 'u'; - default: return '?'; - } -} - -const char * -uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid) -{ - if(!key && !uid) -/* TRANSLATORS: these strings are similar to those in - trust_value_to_string(), but are a fixed length. This is needed to - make attractive information listings where columns line up - properly. The value "10" should be the length of the strings you - choose to translate to. This is the length in printable columns. - It gets passed to atoi() so everything after the number is - essentially a comment and need not be translated. Either key and - uid are both NULL, or neither are NULL. */ - return _("10 translator see trustdb.c:uid_trust_string_fixed"); - else if(uid->is_revoked || (key && key->flags.revoked)) - return _("[ revoked]"); - else if(uid->is_expired) - return _("[ expired]"); - else if(key) - switch(get_validity(key,uid)&TRUST_MASK) - { - case TRUST_UNKNOWN: return _("[ unknown]"); - case TRUST_EXPIRED: return _("[ expired]"); - case TRUST_UNDEFINED: return _("[ undef ]"); - case TRUST_MARGINAL: return _("[marginal]"); - case TRUST_FULLY: return _("[ full ]"); - case TRUST_ULTIMATE: return _("[ultimate]"); - } - - return "err"; -} - -/* The strings here are similar to those in - pkclist.c:do_edit_ownertrust() */ -const char * -trust_value_to_string (unsigned int value) -{ - switch( (value & TRUST_MASK) ) - { - case TRUST_UNKNOWN: return _("unknown"); - case TRUST_EXPIRED: return _("expired"); - case TRUST_UNDEFINED: return _("undefined"); - case TRUST_NEVER: return _("never"); - case TRUST_MARGINAL: return _("marginal"); - case TRUST_FULLY: return _("full"); - case TRUST_ULTIMATE: return _("ultimate"); - default: return "err"; - } -} - -int -string_to_trust_value (const char *str) -{ - if(ascii_strcasecmp(str,"undefined")==0) - return TRUST_UNDEFINED; - else if(ascii_strcasecmp(str,"never")==0) - return TRUST_NEVER; - else if(ascii_strcasecmp(str,"marginal")==0) - return TRUST_MARGINAL; - else if(ascii_strcasecmp(str,"full")==0) - return TRUST_FULLY; - else if(ascii_strcasecmp(str,"ultimate")==0) - return TRUST_ULTIMATE; - else - return -1; -} - /**************** * Recreate the WoT but do not ask for new ownertrusts. Special * feature: In batch mode and without a forced yes, this is only done @@ -626,7 +522,7 @@ update_trustdb() } void -revalidation_mark (void) +tdb_revalidation_mark (void) { init_trustdb(); /* we simply set the time for the next check to 1 (far back in 1970) @@ -645,7 +541,7 @@ trustdb_pending_check(void) /* If the trustdb is dirty, and we're interactive, update it. Otherwise, check it unless no-auto-check-trustdb is set. */ void -trustdb_check_or_update(void) +tdb_check_or_update (void) { if(trustdb_pending_check()) { @@ -718,7 +614,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec) * The key should be the primary key. */ unsigned int -get_ownertrust ( PKT_public_key *pk) +tdb_get_ownertrust ( PKT_public_key *pk) { TRUSTREC rec; int rc; @@ -735,8 +631,9 @@ get_ownertrust ( PKT_public_key *pk) return rec.r.trust.ownertrust; } + unsigned int -get_min_ownertrust (PKT_public_key *pk) +tdb_get_min_ownertrust (PKT_public_key *pk) { TRUSTREC rec; int rc; @@ -753,57 +650,13 @@ get_min_ownertrust (PKT_public_key *pk) return rec.r.trust.min_ownertrust; } -/* - * Same as get_ownertrust but this takes the minimum ownertrust value - * into into account, and will bump up the value as needed. - */ -static int -get_ownertrust_with_min (PKT_public_key *pk) -{ - unsigned int otrust,otrust_min; - - otrust = (get_ownertrust (pk) & TRUST_MASK); - otrust_min = get_min_ownertrust (pk); - if(otrustmain_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1]) - { /* this is a subkey - get the mainkey */ - main_pk = xmalloc_clear (sizeof *main_pk); - rc = get_pubkey (main_pk, pk->main_keyid); - if (rc) - { - char *tempkeystr=xstrdup(keystr(pk->main_keyid)); - log_error ("error getting main key %s of subkey %s: %s\n", - tempkeystr, keystr(kid), g10_errstr(rc)); - xfree(tempkeystr); - validity = TRUST_UNKNOWN; - goto leave; - } - } - else - main_pk = pk; - if(opt.trust_model==TM_DIRECT) { /* Note that this happens BEFORE any user ID stuff is checked. The direct trust model applies to keys as a whole. */ - validity=get_ownertrust(main_pk); + validity = tdb_get_ownertrust (main_pk); goto leave; } @@ -1161,51 +993,12 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid) pk->flags.disabled_valid = 1; leave: - /* set some flags direct from the key */ - if (main_pk->flags.revoked) - validity |= TRUST_FLAG_REVOKED; - if (main_pk != pk && pk->flags.revoked) - validity |= TRUST_FLAG_SUB_REVOKED; - /* Note: expiration is a trust value and not a flag - don't know why - * I initially designed it that way */ - if (main_pk->has_expired || pk->has_expired) - validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED; - if (pending_check_trustdb) validity |= TRUST_FLAG_PENDING_CHECK; - if (main_pk != pk) - free_public_key (main_pk); return validity; } -int -get_validity_info (PKT_public_key *pk, PKT_user_id *uid) -{ - int trustlevel; - - if (!pk) - return '?'; /* Just in case a NULL PK is passed. */ - - trustlevel = get_validity (pk, uid); - if ( (trustlevel & TRUST_FLAG_REVOKED) ) - return 'r'; - return trust_letter (trustlevel); -} - -const char * -get_validity_string (PKT_public_key *pk, PKT_user_id *uid) -{ - int trustlevel; - - if (!pk) - return "err"; /* Just in case a NULL PK is passed. */ - - trustlevel = get_validity (pk, uid); - if( trustlevel & TRUST_FLAG_REVOKED ) - return _("revoked"); - return trust_value_to_string(trustlevel); -} static void get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) @@ -1318,14 +1111,14 @@ ask_ownertrust (u32 *kid,int minimum) { log_info("force trust for key %s to %s\n", keystr(kid),trust_value_to_string(opt.force_ownertrust)); - update_ownertrust(pk,opt.force_ownertrust); + tdb_update_ownertrust (pk, opt.force_ownertrust); ot=opt.force_ownertrust; } else { ot=edit_ownertrust(pk,0); if(ot>0) - ot = get_ownertrust (pk); + ot = tdb_get_ownertrust (pk); else if(ot==0) ot = minimum?minimum:TRUST_UNDEFINED; else @@ -1427,365 +1220,6 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored) do_sync (); } -/* - * check whether the signature sig is in the klist k - */ -static struct key_item * -is_in_klist (struct key_item *k, PKT_signature *sig) -{ - for (; k; k = k->next) - { - if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1]) - return k; - } - return NULL; -} - -/* - * Mark the signature of the given UID which are used to certify it. - * To do this, we first revmove all signatures which are not valid and - * from the remain ones we look for the latest one. If this is not a - * certification revocation signature we mark the signature by setting - * node flag bit 8. Revocations are marked with flag 11, and sigs - * from unavailable keys are marked with flag 12. Note that flag bits - * 9 and 10 are used for internal purposes. - */ -static void -mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode, - u32 *main_kid, struct key_item *klist, - u32 curtime, u32 *next_expire) -{ - KBNODE node; - PKT_signature *sig; - - /* first check all signatures */ - for (node=uidnode->next; node; node = node->next) - { - int rc; - - node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); - if (node->pkt->pkttype == PKT_USER_ID - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; /* ready */ - if (node->pkt->pkttype != PKT_SIGNATURE) - continue; - sig = node->pkt->pkt.signature; - if (main_kid - && sig->keyid[0] == main_kid[0] && sig->keyid[1] == main_kid[1]) - continue; /* ignore self-signatures if we pass in a main_kid */ - if (!IS_UID_SIG(sig) && !IS_UID_REV(sig)) - continue; /* we only look at these signature classes */ - if(sig->sig_class>=0x11 && sig->sig_class<=0x13 && - sig->sig_class-0x10flag |= 1<<12; - continue; - } - node->flag |= 1<<9; - } - /* reset the remaining flags */ - for (; node; node = node->next) - node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12); - - /* kbnode flag usage: bit 9 is here set for signatures to consider, - * bit 10 will be set by the loop to keep track of keyIDs already - * processed, bit 8 will be set for the usable signatures, and bit - * 11 will be set for usable revocations. */ - - /* for each cert figure out the latest valid one */ - for (node=uidnode->next; node; node = node->next) - { - KBNODE n, signode; - u32 kid[2]; - u32 sigdate; - - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; - if ( !(node->flag & (1<<9)) ) - continue; /* not a node to look at */ - if ( (node->flag & (1<<10)) ) - continue; /* signature with a keyID already processed */ - node->flag |= (1<<10); /* mark this node as processed */ - sig = node->pkt->pkt.signature; - signode = node; - sigdate = sig->timestamp; - kid[0] = sig->keyid[0]; kid[1] = sig->keyid[1]; - - /* Now find the latest and greatest signature */ - for (n=uidnode->next; n; n = n->next) - { - if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) - break; - if ( !(n->flag & (1<<9)) ) - continue; - if ( (n->flag & (1<<10)) ) - continue; /* shortcut already processed signatures */ - sig = n->pkt->pkt.signature; - if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1]) - continue; - n->flag |= (1<<10); /* mark this node as processed */ - - /* If signode is nonrevocable and unexpired and n isn't, - then take signode (skip). It doesn't matter which is - older: if signode was older then we don't want to take n - as signode is nonrevocable. If n was older then we're - automatically fine. */ - - if(((IS_UID_SIG(signode->pkt->pkt.signature) && - !signode->pkt->pkt.signature->flags.revocable && - (signode->pkt->pkt.signature->expiredate==0 || - signode->pkt->pkt.signature->expiredate>curtime))) && - (!(IS_UID_SIG(n->pkt->pkt.signature) && - !n->pkt->pkt.signature->flags.revocable && - (n->pkt->pkt.signature->expiredate==0 || - n->pkt->pkt.signature->expiredate>curtime)))) - continue; - - /* If n is nonrevocable and unexpired and signode isn't, - then take n. Again, it doesn't matter which is older: if - n was older then we don't want to take signode as n is - nonrevocable. If signode was older then we're - automatically fine. */ - - if((!(IS_UID_SIG(signode->pkt->pkt.signature) && - !signode->pkt->pkt.signature->flags.revocable && - (signode->pkt->pkt.signature->expiredate==0 || - signode->pkt->pkt.signature->expiredate>curtime))) && - ((IS_UID_SIG(n->pkt->pkt.signature) && - !n->pkt->pkt.signature->flags.revocable && - (n->pkt->pkt.signature->expiredate==0 || - n->pkt->pkt.signature->expiredate>curtime)))) - { - signode = n; - sigdate = sig->timestamp; - continue; - } - - /* At this point, if it's newer, it goes in as the only - remaining possibilities are signode and n are both either - revocable or expired or both nonrevocable and unexpired. - If the timestamps are equal take the later ordered - packet, presuming that the key packets are hopefully in - their original order. */ - - if (sig->timestamp >= sigdate) - { - signode = n; - sigdate = sig->timestamp; - } - } - - sig = signode->pkt->pkt.signature; - if (IS_UID_SIG (sig)) - { /* this seems to be a usable one which is not revoked. - * Just need to check whether there is an expiration time, - * We do the expired certification after finding a suitable - * certification, the assumption is that a signator does not - * want that after the expiration of his certificate the - * system falls back to an older certification which has a - * different expiration time */ - const byte *p; - u32 expire; - - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); - expire = p? sig->timestamp + buffer_to_u32(p) : 0; - - if (expire==0 || expire > curtime ) - { - signode->flag |= (1<<8); /* yeah, found a good cert */ - if (next_expire && expire && expire < *next_expire) - *next_expire = expire; - } - } - else - signode->flag |= (1<<11); - } -} - -static int -clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only) -{ - int deleted=0; - KBNODE node; - u32 keyid[2]; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - - keyid_from_pk(keyblock->pkt->pkt.public_key,keyid); - - /* Passing in a 0 for current time here means that we'll never weed - out an expired sig. This is correct behavior since we want to - keep the most recent expired sig in a series. */ - mark_usable_uid_certs(keyblock,uidnode,NULL,NULL,0,NULL); - - /* What we want to do here is remove signatures that are not - considered as part of the trust calculations. Thus, all invalid - signatures are out, as are any signatures that aren't the last of - a series of uid sigs or revocations It breaks down like this: - coming out of mark_usable_uid_certs, if a sig is unflagged, it is - not even a candidate. If a sig has flag 9 or 10, that means it - was selected as a candidate and vetted. If a sig has flag 8 it - is a usable signature. If a sig has flag 11 it is a usable - revocation. If a sig has flag 12 it was issued by an unavailable - key. "Usable" here means the most recent valid - signature/revocation in a series from a particular signer. - - Delete everything that isn't a usable uid sig (which might be - expired), a usable revocation, or a sig from an unavailable - key. */ - - for(node=uidnode->next; - node && node->pkt->pkttype==PKT_SIGNATURE; - node=node->next) - { - int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0] - && node->pkt->pkt.signature->keyid[1]==keyid[1]):1; - - /* Keep usable uid sigs ... */ - if((node->flag & (1<<8)) && keep) - continue; - - /* ... and usable revocations... */ - if((node->flag & (1<<11)) && keep) - continue; - - /* ... and sigs from unavailable keys. */ - /* disabled for now since more people seem to want sigs from - unavailable keys removed altogether. */ - /* - if(node->flag & (1<<12)) - continue; - */ - - /* Everything else we delete */ - - /* At this point, if 12 is set, the signing key was unavailable. - If 9 or 10 is set, it's superseded. Otherwise, it's - invalid. */ - - if(noisy) - log_info("removing signature from key %s on user ID \"%s\": %s\n", - keystr(node->pkt->pkt.signature->keyid), - uidnode->pkt->pkt.user_id->name, - node->flag&(1<<12)?"key unavailable": - node->flag&(1<<9)?"signature superseded":"invalid signature"); - - delete_kbnode(node); - deleted++; - } - - return deleted; -} - -/* This is substantially easier than clean_sigs_from_uid since we just - have to establish if the uid has a valid self-sig, is not revoked, - and is not expired. Note that this does not take into account - whether the uid has a trust path to it - just whether the keyholder - themselves has certified the uid. Returns true if the uid was - compacted. To "compact" a user ID, we simply remove ALL signatures - except the self-sig that caused the user ID to be remove-worthy. - We don't actually remove the user ID packet itself since it might - be ressurected in a later merge. Note that this function requires - that the caller has already done a merge_keys_and_selfsig(). - - TODO: change the import code to allow importing a uid with only a - revocation if the uid already exists on the keyring. */ - -static int -clean_uid_from_key(KBNODE keyblock,KBNODE uidnode,int noisy) -{ - KBNODE node; - PKT_user_id *uid=uidnode->pkt->pkt.user_id; - int deleted=0; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - assert(uidnode->pkt->pkttype==PKT_USER_ID); - - /* Skip valid user IDs, compacted user IDs, and non-self-signed user - IDs if --allow-non-selfsigned-uid is set. */ - if(uid->created || uid->flags.compacted - || (!uid->is_expired && !uid->is_revoked - && opt.allow_non_selfsigned_uid)) - return 0; - - for(node=uidnode->next; - node && node->pkt->pkttype==PKT_SIGNATURE; - node=node->next) - if(!node->pkt->pkt.signature->flags.chosen_selfsig) - { - delete_kbnode(node); - deleted=1; - uidnode->pkt->pkt.user_id->flags.compacted=1; - } - - if(noisy) - { - const char *reason; - char *user=utf8_to_native(uid->name,uid->len,0); - - if(uid->is_revoked) - reason=_("revoked"); - else if(uid->is_expired) - reason=_("expired"); - else - reason=_("invalid"); - - log_info("compacting user ID \"%s\" on key %s: %s\n", - user,keystr_from_pk(keyblock->pkt->pkt.public_key), - reason); - - xfree(user); - } - - return deleted; -} - -/* Needs to be called after a merge_keys_and_selfsig() */ -void -clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned) -{ - int dummy; - - assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); - assert(uidnode->pkt->pkttype==PKT_USER_ID); - - if(!uids_cleaned) - uids_cleaned=&dummy; - - if(!sigs_cleaned) - sigs_cleaned=&dummy; - - /* Do clean_uid_from_key first since if it fires off, we don't - have to bother with the other */ - *uids_cleaned+=clean_uid_from_key(keyblock,uidnode,noisy); - if(!uidnode->pkt->pkt.user_id->flags.compacted) - *sigs_cleaned+=clean_sigs_from_uid(keyblock,uidnode,noisy,self_only); -} - -void -clean_key(KBNODE keyblock,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned) -{ - KBNODE uidnode; - - merge_keys_and_selfsig(keyblock); - - for(uidnode=keyblock->next; - uidnode && uidnode->pkt->pkttype!=PKT_PUBLIC_SUBKEY; - uidnode=uidnode->next) - if(uidnode->pkt->pkttype==PKT_USER_ID) - clean_one_uid(keyblock,uidnode,noisy,self_only, - uids_cleaned,sigs_cleaned); -} /* Returns a sanitized copy of the regexp (which might be "", but not NULL). */ @@ -2449,10 +1883,10 @@ validate_keys (int interactive) k->kid[0]=kid[0]; k->kid[1]=kid[1]; k->ownertrust = - (get_ownertrust (kar->keyblock->pkt->pkt.public_key) - & TRUST_MASK); - k->min_ownertrust = - get_min_ownertrust(kar->keyblock->pkt->pkt.public_key); + (tdb_get_ownertrust + (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK); + k->min_ownertrust = tdb_get_min_ownertrust + (kar->keyblock->pkt->pkt.public_key); k->trust_depth= kar->keyblock->pkt->pkt.public_key->trust_depth; k->trust_value= diff --git a/g10/trustdb.h b/g10/trustdb.h index 0a9ce335a..f190f72c1 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -38,30 +38,89 @@ #define NAMEHASH_LEN 20 + +/* + * A structure to store key identification as well as some stuff needed + * for validation + */ +struct key_item { + struct key_item *next; + unsigned int ownertrust,min_ownertrust; + byte trust_depth; + byte trust_value; + char *trust_regexp; + u32 kid[2]; +}; + + +/* + * Check whether the signature SIG is in the klist K. + */ +static inline struct key_item * +is_in_klist (struct key_item *k, PKT_signature *sig) +{ + for (; k; k = k->next) + { + if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1]) + return k; + } + return NULL; +} + + + +/*-- trust.c --*/ +int cache_disabled_value (PKT_public_key *pk); +void register_trusted_keyid (u32 *keyid); +void register_trusted_key (const char *string); + +const char *trust_value_to_string (unsigned int value); +int string_to_trust_value (const char *str); +const char *uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid); + +unsigned int get_ownertrust (PKT_public_key *pk); +void update_ownertrust (PKT_public_key *pk, unsigned int new_trust); +int clear_ownertrusts (PKT_public_key *pk); + +void revalidation_mark (void); +void check_trustdb_stale (void); +void check_or_update_trustdb (void); + +unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid); +int get_validity_info (PKT_public_key *pk, PKT_user_id *uid); +const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid); + +void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, + u32 *main_kid, struct key_item *klist, + u32 curtime, u32 *next_expire); + +void clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, + int noisy, int self_only, + int *uids_cleaned, int *sigs_cleaned); +void clean_key (kbnode_t keyblock, int noisy, int self_only, + int *uids_cleaned,int *sigs_cleaned); + + + /*-- trustdb.c --*/ -void register_trusted_keyid(u32 *keyid); -void register_trusted_key( const char *string ); +void tdb_register_trusted_keyid (u32 *keyid); +void tdb_register_trusted_key (const char *string); void check_trustdb (void); void update_trustdb (void); int setup_trustdb( int level, const char *dbname ); void how_to_fix_the_trustdb (void); void init_trustdb( void ); -void check_trustdb_stale(void); +void tdb_check_trustdb_stale (void); void sync_trustdb( void ); -const char *uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid); -const char *trust_value_to_string (unsigned int value); -int string_to_trust_value (const char *str); - -void revalidation_mark (void); +void tdb_revalidation_mark (void); int trustdb_pending_check(void); -void trustdb_check_or_update(void); +void tdb_check_or_update (void); -int cache_disabled_value(PKT_public_key *pk); +int tdb_cache_disabled_value (PKT_public_key *pk); -unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid); -int get_validity_info (PKT_public_key *pk, PKT_user_id *uid); -const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid); +unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, + PKT_public_key *main_pk); void list_trust_path( const char *username ); int enum_cert_paths( void **context, ulong *lid, @@ -73,18 +132,13 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, byte *marginals,byte *completes,byte *cert_depth, byte *min_cert_level); -unsigned int get_ownertrust (PKT_public_key *pk); -unsigned int get_min_ownertrust (PKT_public_key *pk); +unsigned int tdb_get_ownertrust (PKT_public_key *pk); +unsigned int tdb_get_min_ownertrust (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk); const char *get_ownertrust_string (PKT_public_key *pk); -void update_ownertrust (PKT_public_key *pk, unsigned int new_trust ); -int clear_ownertrusts (PKT_public_key *pk); - -void clean_one_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned); -void clean_key(KBNODE keyblock,int noisy,int self_only, - int *uids_cleaned,int *sigs_cleaned); +void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust); +int tdb_clear_ownertrusts (PKT_public_key *pk); /*-- tdbdump.c --*/ void list_trustdb(const char *username); diff --git a/tests/openpgp/armencrypt.test b/tests/openpgp/armencrypt.test index df3729410..ce1067e6b 100755 --- a/tests/openpgp/armencrypt.test +++ b/tests/openpgp/armencrypt.test @@ -12,7 +12,7 @@ #info Checking armored encryption for i in $plain_files $data_files ; do - $GPG --always-trust -ea -o x --yes -r "$usrname2" $i + $GPG ${opt_always} -ea -o x --yes -r "$usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/armencryptp.test b/tests/openpgp/armencryptp.test index 9246b6d27..dfebb4827 100755 --- a/tests/openpgp/armencryptp.test +++ b/tests/openpgp/armencryptp.test @@ -12,7 +12,7 @@ #info Checking armored encryption with a pipe for i in $plain_files $data_files ; do - $GPG --always-trust -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes + $GPG ${opt_always} -ea --yes -r "$usrname2" < $i | tee x | $GPG -o y --yes cmp $i y || error "$i: mismatch" $GPG --yes < x > y cmp $i y || error "$i: mismatch" diff --git a/tests/openpgp/armsignencrypt.test b/tests/openpgp/armsignencrypt.test index 5b392df27..c50a12dc1 100755 --- a/tests/openpgp/armsignencrypt.test +++ b/tests/openpgp/armsignencrypt.test @@ -13,7 +13,7 @@ #info Checking armored signing and encryption for i in $plain_files $data_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \ + echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \ -sae -o x --yes -r "$usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index 49e085e8a..008d32a43 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -226,6 +226,15 @@ PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh" # Default to empty passphrase for pinentry.sh PINENTRY_USER_DATA= +# If --check-trustdb is not an option, GPG has been build without +# trust model support. Thus we can't use --always-trust and some +# other options. +if $GPG --dump-options | grep '^--check-trustdb$' >/dev/null ; then + opt_always="--always-trust" +else + opt_always= +fi + # Make sure we have a valid option files even with VPATH builds. for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then @@ -234,8 +243,10 @@ for f in gpg.conf gpg-agent.conf ; do cat $srcdir/$f.tmpl >$f case "$f" in gpg.conf) + [ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f" echo "agent-program $GPG_AGENT" >>"$f" - ;; + + ;; gpg-agent.conf) echo "pinentry-program $PINENTRY" >>"$f" ;; diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test index 01e1e0617..062a1ae0f 100755 --- a/tests/openpgp/ecc.test +++ b/tests/openpgp/ecc.test @@ -203,7 +203,7 @@ info "Checking ECC encryption and decryption." for i in $plain_files $data_files ; do for k in $mainkeyids ; do info "file: $i key: $k" - $GPG --always-trust -e -o x --yes -r $k $i + $GPG ${opt_always} -e -o x --yes -r $k $i $GPG -o y --yes x cmp $i y || error "$i,$k: mismatch" done diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test index 8ae93d817..7ce670ee0 100755 --- a/tests/openpgp/encrypt-dsa.test +++ b/tests/openpgp/encrypt-dsa.test @@ -12,7 +12,7 @@ #info Checking encryption for i in $plain_files $data_files ; do - $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i + $GPG ${opt_always} -e -o x --yes -r "$dsa_usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done @@ -20,7 +20,7 @@ done for ca in `all_cipher_algos` ; do progress "$ca" for i in $plain_files $data_files ; do - $GPG --always-trust --cipher-algo $ca -e \ + $GPG ${opt_always} --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" diff --git a/tests/openpgp/encrypt.test b/tests/openpgp/encrypt.test index 5ef5196d8..295a6c3a9 100755 --- a/tests/openpgp/encrypt.test +++ b/tests/openpgp/encrypt.test @@ -12,7 +12,7 @@ #info Checking encryption for i in $plain_files $data_files ; do - $GPG --always-trust -e -o x --yes -r "$usrname2" $i + $GPG ${opt_always} -e -o x --yes -r "$usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done @@ -21,7 +21,7 @@ echo_n " > " for ca in `all_cipher_algos` ; do echo_n "$ca " for i in $plain_files $data_files ; do - $GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i + $GPG ${opt_always} -e -o x --yes -r "$usrname2" --cipher-algo $ca $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/encryptp.test b/tests/openpgp/encryptp.test index 984f56ab8..3ad7119dd 100755 --- a/tests/openpgp/encryptp.test +++ b/tests/openpgp/encryptp.test @@ -12,7 +12,7 @@ #info Checking encryption with a pipe for i in $plain_files $data_files ; do - $GPG --always-trust -e --yes -r "$usrname2" <$i | $GPG --yes > y + $GPG ${opt_always} -e --yes -r "$usrname2" <$i | $GPG --yes > y cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl index 7060a6610..19f31808a 100644 --- a/tests/openpgp/gpg.conf.tmpl +++ b/tests/openpgp/gpg.conf.tmpl @@ -2,4 +2,3 @@ no-greeting no-secmem-warning no-permission-warning batch -no-auto-check-trustdb diff --git a/tests/openpgp/seat.test b/tests/openpgp/seat.test index 8a5f39904..b400e72dc 100755 --- a/tests/openpgp/seat.test +++ b/tests/openpgp/seat.test @@ -11,7 +11,7 @@ . $srcdir/defs.inc || exit 3 for i in $plain_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \ + echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} -seat \ -r two@example.com -o x --yes $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" diff --git a/tests/openpgp/signencrypt-dsa.test b/tests/openpgp/signencrypt-dsa.test index dd724c97e..2fb2bb1aa 100755 --- a/tests/openpgp/signencrypt-dsa.test +++ b/tests/openpgp/signencrypt-dsa.test @@ -12,7 +12,7 @@ #info Checking signing and encryption for DSA for i in $plain_files $data_files ; do - $GPG --always-trust -se -o x --yes \ + $GPG ${opt_always} -se -o x --yes \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" @@ -27,7 +27,7 @@ fi for da in $algos; do for i in $plain_files; do - $GPG --always-trust -se -o x --yes --digest-algo $da \ + $GPG ${opt_always} -se -o x --yes --digest-algo $da \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" diff --git a/tests/openpgp/signencrypt.test b/tests/openpgp/signencrypt.test index 8ccbaf7ca..5644befa7 100755 --- a/tests/openpgp/signencrypt.test +++ b/tests/openpgp/signencrypt.test @@ -13,7 +13,7 @@ info "Checking signing and encryption" for i in $plain_files $data_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust \ + echo "$usrpass1" | $GPG --passphrase-fd 0 ${opt_always} \ -se -o x --yes -r "$usrname2" $i $GPG -o y --yes x cmp $i y || error "$i: mismatch"