* pkclist.c (do_we_trust): Tweak language to refer to the "named

user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.

g10/ChangeLog

@@ -1,3 +1,23 @@
+2002-12-13  David Shaw  <dshaw@jabberwocky.com>
+
+	* pkclist.c (do_we_trust): Tweak language to refer to the "named
+	user" rather than "owner".  Noted by Stefan Bellon.
+
+	* trustdb.h, trustdb.c (trustdb_pending_check): New function to
+	check if the trustdb needs a check.
+
+	* import.c (import_keys_internal): Used here so we don't rebuild
+	the trustdb if it is still clean.
+	(import_one, chk_self_sigs): Only mark trustdb dirty if the key
+	that is being imported has any sigs other than self-sigs.
+	Suggested by Adrian von Bidder.
+
+	* options.skel: Include the required '=' sign in the sample
+	'group' option.  Noted by Stefan Bellon.
+
+	* import.c (chk_self_sigs): Don't try and check a subkey as if it
+	was a signature.
+
 2002-12-11  David Shaw  <dshaw@jabberwocky.com>
 
 	* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the

g10/import.c

@@ -68,7 +68,7 @@ static int import_secret_one( const char *fname, KBNODE keyblock,
 static int import_revoke_cert( const char *fname, KBNODE node,
                                struct stats_s *stats);
 static int chk_self_sigs( const char *fname, KBNODE keyblock,
-			  PKT_public_key *pk, u32 *keyid );
+			  PKT_public_key *pk, u32 *keyid, int *non_self );
 static int delete_inv_parts( const char *fname, KBNODE keyblock,
 			     u32 *keyid, unsigned int options );
 static int merge_blocks( const char *fname, KBNODE keyblock_orig,
@@ -213,18 +213,19 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
         import_print_stats (stats);
         import_release_stats_handle (stats);
     }
-    /* If no fast import and we really added new keys or merged new
+    /* If no fast import and the trustdb is dirty (i.e. we added a key
-       user ids, signatures or revocations, then update/check the
+       or userID that had something other than a selfsig, a signature
-       trustdb if the user specified by setting interactive or by
+       that was other than a selfsig, or any revocation), then
-       not setting no-auto-check-trustdb */
+       update/check the trustdb if the user specified by setting
-    if (!(options&IMPORT_FAST_IMPORT) &&
+       interactive or by not setting no-auto-check-trustdb */
-         (stats->imported || stats->n_uids ||
+    if (!(options&IMPORT_FAST_IMPORT) && trustdb_pending_check())
-          stats->n_sigs || stats->n_revoc)) {
+      {
 	if (opt.interactive)
 	  update_trustdb();
 	else if (!opt.no_auto_check_trustdb)
 	  check_trustdb();
       }
+
     return rc;
 }
 
@@ -573,6 +574,7 @@ import_one( const char *fname, KBNODE keyblock,
     int rc = 0;
     int new_key = 0;
     int mod_key = 0;
+    int non_self = 0;
 
     /* get the key and print some info about it */
     node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@@ -617,7 +619,7 @@ import_one( const char *fname, KBNODE keyblock,
       log_info(_("key %08lX: HKP subkey corruption repaired\n"),
 	       (ulong)keyid[1]);
 
-    rc = chk_self_sigs( fname, keyblock , pk, keyid );
+    rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
     if( rc )
 	return rc== -1? 0:rc;
 
@@ -680,6 +682,7 @@ import_one( const char *fname, KBNODE keyblock,
 	       be made to happen with the trusted-key command. */
 
 	    clear_ownertrusts (pk);
+	    if(non_self)
 	      revalidation_mark ();
 	  }
         keydb_release (hd);
@@ -757,7 +760,7 @@ import_one( const char *fname, KBNODE keyblock,
             if (rc)
 		log_error (_("error writing keyring `%s': %s\n"),
 			     keydb_get_resource_name (hd), g10_errstr(rc) );
-	    else
+	    else if(non_self)
 	      revalidation_mark ();
 
 	    /* we are ready */
@@ -1093,10 +1096,12 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
  * Mark all user-ids with an invalid self-signature by setting bit 1.
  * This works also for subkeys, here the subkey is marked.  Invalid or
  * extra subkey sigs (binding or revocation) are marked for deletion.
+ * non_self is set to true if there are any sigs other than self-sigs
+ * in this keyblock.
  */
 static int
 chk_self_sigs( const char *fname, KBNODE keyblock,
-	       PKT_public_key *pk, u32 *keyid )
+	       PKT_public_key *pk, u32 *keyid, int *non_self )
 {
     KBNODE n,knode=NULL;
     PKT_signature *sig;
@@ -1112,6 +1117,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 	  rsdate=0;
 	  bsnode=NULL;
 	  rsnode=NULL;
+	  continue;
 	}
       else if( n->pkt->pkttype != PKT_SIGNATURE )
 	    continue;
@@ -1230,6 +1236,8 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 		}
 	    }
 	}
+	else
+	  *non_self=1;
     }
 
     return 0;

g10/options.skel

@@ -63,7 +63,7 @@ $Id$
 #charset utf-8
 
 # Group names may be defined like this:
-#   group mynames paige 0x12345678 joe patti
+#   group mynames = paige 0x12345678 joe patti
 #
 # Any time "mynames" is a recipient (-r or --recipient), it will be
 # expanded to the names "paige", "joe", and "patti", and the key ID
@@ -72,7 +72,7 @@ $Id$
 # if there are spaces in the recipient name, this will appear as two
 # recipients.  In these cases it is better to use the key ID.
 
-#group mynames paige 0x12345678 joe patti
+#group mynames = paige 0x12345678 joe patti
 
 # Lock the file only once for the lifetime of a process.  If you do
 # not define this, the lock will be obtained and released every time

g10/pkclist.c

@@ -493,25 +493,24 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
          /* fall thru */
       case TRUST_UNKNOWN: 
       case TRUST_UNDEFINED:
-        log_info(_("%08lX: There is no indication that this key "
+        log_info(_("%08lX: There is no assurance this key belongs "
-                   "really belongs to the owner\n"),
+		   "to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
-                 (ulong)keyid_from_pk( pk, NULL) );
 	return 0; /* no */
 
+	/* No way to get here? */
       case TRUST_NEVER:
 	log_info(_("%08lX: We do NOT trust this key\n"),
 					(ulong)keyid_from_pk( pk, NULL) );
 	return 0; /* no */
 
       case TRUST_MARGINAL:
-	log_info(
+	log_info(_("%08lX: There is limited assurance this key belongs "
-       _("%08lX: It is not sure that this key really belongs to the owner\n"
+		   "to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
-	 "but it is accepted anyway\n"), (ulong)keyid_from_pk( pk, NULL) );
 	return 1; /* yes */
 
       case TRUST_FULLY:
 	if( opt.verbose )
-	    log_info(_("This key probably belongs to the owner\n"));
+	    log_info(_("This key probably belongs to the named user\n"));
 	return 1; /* yes */
 
       case TRUST_ULTIMATE:

g10/trustdb.c

@@ -551,6 +551,12 @@ revalidation_mark (void)
   pending_check_trustdb = 1;
 }
 
+int
+trustdb_pending_check(void)
+{
+  return pending_check_trustdb;
+}
+
 
 /***********************************************
  ***********  Ownertrust et al. ****************

g10/trustdb.h

@@ -49,6 +49,7 @@ int trust_letter( unsigned value );
 const char *trust_string (unsigned int value);
 
 void revalidation_mark (void);
+int trustdb_pending_check(void);
 
 unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
 int get_validity_info (PKT_public_key *pk, const byte *namehash);