* pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner". Noted by Stefan Bellon. * trustdb.h, trustdb.c (trustdb_pending_check): New function to check if the trustdb needs a check. * import.c (import_keys_internal): Used here so we don't rebuild the trustdb if it is still clean. (import_one, chk_self_sigs): Only mark trustdb dirty if the key that is being imported has any sigs other than self-sigs. Suggested by Adrian von Bidder. * options.skel: Include the required '=' sign in the sample 'group' option. Noted by Stefan Bellon. * import.c (chk_self_sigs): Don't try and check a subkey as if it was a signature.
parent
eb9607707e
commit
6a4bd944a8
@ -1,3 +1,23 @@
|
|||||||
|
2002-12-13 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* pkclist.c (do_we_trust): Tweak language to refer to the "named
|
||||||
|
user" rather than "owner". Noted by Stefan Bellon.
|
||||||
|
|
||||||
|
* trustdb.h, trustdb.c (trustdb_pending_check): New function to
|
||||||
|
check if the trustdb needs a check.
|
||||||
|
|
||||||
|
* import.c (import_keys_internal): Used here so we don't rebuild
|
||||||
|
the trustdb if it is still clean.
|
||||||
|
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
|
||||||
|
that is being imported has any sigs other than self-sigs.
|
||||||
|
Suggested by Adrian von Bidder.
|
||||||
|
|
||||||
|
* options.skel: Include the required '=' sign in the sample
|
||||||
|
'group' option. Noted by Stefan Bellon.
|
||||||
|
|
||||||
|
* import.c (chk_self_sigs): Don't try and check a subkey as if it
|
||||||
|
was a signature.
|
||||||
|
|
||||||
2002-12-11 David Shaw <dshaw@jabberwocky.com>
|
2002-12-11 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
|
* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
|
||||||
|
40
g10/import.c
40
g10/import.c
@ -68,7 +68,7 @@ static int import_secret_one( const char *fname, KBNODE keyblock,
|
|||||||
static int import_revoke_cert( const char *fname, KBNODE node,
|
static int import_revoke_cert( const char *fname, KBNODE node,
|
||||||
struct stats_s *stats);
|
struct stats_s *stats);
|
||||||
static int chk_self_sigs( const char *fname, KBNODE keyblock,
|
static int chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||||
PKT_public_key *pk, u32 *keyid );
|
PKT_public_key *pk, u32 *keyid, int *non_self );
|
||||||
static int delete_inv_parts( const char *fname, KBNODE keyblock,
|
static int delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||||
u32 *keyid, unsigned int options );
|
u32 *keyid, unsigned int options );
|
||||||
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
|
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
|
||||||
@ -213,18 +213,19 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
|
|||||||
import_print_stats (stats);
|
import_print_stats (stats);
|
||||||
import_release_stats_handle (stats);
|
import_release_stats_handle (stats);
|
||||||
}
|
}
|
||||||
/* If no fast import and we really added new keys or merged new
|
/* If no fast import and the trustdb is dirty (i.e. we added a key
|
||||||
user ids, signatures or revocations, then update/check the
|
or userID that had something other than a selfsig, a signature
|
||||||
trustdb if the user specified by setting interactive or by
|
that was other than a selfsig, or any revocation), then
|
||||||
not setting no-auto-check-trustdb */
|
update/check the trustdb if the user specified by setting
|
||||||
if (!(options&IMPORT_FAST_IMPORT) &&
|
interactive or by not setting no-auto-check-trustdb */
|
||||||
(stats->imported || stats->n_uids ||
|
if (!(options&IMPORT_FAST_IMPORT) && trustdb_pending_check())
|
||||||
stats->n_sigs || stats->n_revoc)) {
|
{
|
||||||
if (opt.interactive)
|
if (opt.interactive)
|
||||||
update_trustdb();
|
update_trustdb();
|
||||||
else if (!opt.no_auto_check_trustdb)
|
else if (!opt.no_auto_check_trustdb)
|
||||||
check_trustdb();
|
check_trustdb();
|
||||||
}
|
}
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -573,6 +574,7 @@ import_one( const char *fname, KBNODE keyblock,
|
|||||||
int rc = 0;
|
int rc = 0;
|
||||||
int new_key = 0;
|
int new_key = 0;
|
||||||
int mod_key = 0;
|
int mod_key = 0;
|
||||||
|
int non_self = 0;
|
||||||
|
|
||||||
/* get the key and print some info about it */
|
/* get the key and print some info about it */
|
||||||
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
|
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
|
||||||
@ -617,7 +619,7 @@ import_one( const char *fname, KBNODE keyblock,
|
|||||||
log_info(_("key %08lX: HKP subkey corruption repaired\n"),
|
log_info(_("key %08lX: HKP subkey corruption repaired\n"),
|
||||||
(ulong)keyid[1]);
|
(ulong)keyid[1]);
|
||||||
|
|
||||||
rc = chk_self_sigs( fname, keyblock , pk, keyid );
|
rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
|
||||||
if( rc )
|
if( rc )
|
||||||
return rc== -1? 0:rc;
|
return rc== -1? 0:rc;
|
||||||
|
|
||||||
@ -680,7 +682,8 @@ import_one( const char *fname, KBNODE keyblock,
|
|||||||
be made to happen with the trusted-key command. */
|
be made to happen with the trusted-key command. */
|
||||||
|
|
||||||
clear_ownertrusts (pk);
|
clear_ownertrusts (pk);
|
||||||
revalidation_mark ();
|
if(non_self)
|
||||||
|
revalidation_mark ();
|
||||||
}
|
}
|
||||||
keydb_release (hd);
|
keydb_release (hd);
|
||||||
|
|
||||||
@ -757,7 +760,7 @@ import_one( const char *fname, KBNODE keyblock,
|
|||||||
if (rc)
|
if (rc)
|
||||||
log_error (_("error writing keyring `%s': %s\n"),
|
log_error (_("error writing keyring `%s': %s\n"),
|
||||||
keydb_get_resource_name (hd), g10_errstr(rc) );
|
keydb_get_resource_name (hd), g10_errstr(rc) );
|
||||||
else
|
else if(non_self)
|
||||||
revalidation_mark ();
|
revalidation_mark ();
|
||||||
|
|
||||||
/* we are ready */
|
/* we are ready */
|
||||||
@ -1093,10 +1096,12 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
|||||||
* Mark all user-ids with an invalid self-signature by setting bit 1.
|
* Mark all user-ids with an invalid self-signature by setting bit 1.
|
||||||
* This works also for subkeys, here the subkey is marked. Invalid or
|
* This works also for subkeys, here the subkey is marked. Invalid or
|
||||||
* extra subkey sigs (binding or revocation) are marked for deletion.
|
* extra subkey sigs (binding or revocation) are marked for deletion.
|
||||||
|
* non_self is set to true if there are any sigs other than self-sigs
|
||||||
|
* in this keyblock.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
chk_self_sigs( const char *fname, KBNODE keyblock,
|
chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||||
PKT_public_key *pk, u32 *keyid )
|
PKT_public_key *pk, u32 *keyid, int *non_self )
|
||||||
{
|
{
|
||||||
KBNODE n,knode=NULL;
|
KBNODE n,knode=NULL;
|
||||||
PKT_signature *sig;
|
PKT_signature *sig;
|
||||||
@ -1112,6 +1117,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
rsdate=0;
|
rsdate=0;
|
||||||
bsnode=NULL;
|
bsnode=NULL;
|
||||||
rsnode=NULL;
|
rsnode=NULL;
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
else if( n->pkt->pkttype != PKT_SIGNATURE )
|
else if( n->pkt->pkttype != PKT_SIGNATURE )
|
||||||
continue;
|
continue;
|
||||||
@ -1230,6 +1236,8 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
*non_self=1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
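Review bot: In import_one's merge path (hunk at -757), `else if(non_self)` gates revalidation on whether the incoming keyblock holds any third-party signature, not on what the merge changed, so a keyblock that adds only a self-issued key or user-ID revocation appears to leave the trustdb unmarked. The reworded comment in import_keys_internal still lists "any revocation" as a trigger, and import_revoke_cert's own marking is not visible here, so validity computed through a now-revoked key may stay stale until the next scheduled check. If that case is not covered elsewhere, chk_self_sigs could raise the flag for revocation classes too, e.g. `if( sig->sig_class==0x20 || sig->sig_class==0x30 ) *non_self=1;`, with the parameter comment updated to match. The same gate after `clear_ownertrusts (pk);` (hunk at -680) skips `revalidation_mark ()` even when an ownertrust value was actually cleared, unless clear_ownertrusts marks the trustdb itself. Both import_one and chk_self_sigs continue outside the visible hunks, so the branch that `else *non_self=1;` attaches to is inferred.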
@ -63,7 +63,7 @@ $Id$
|
|||||||
#charset utf-8
|
#charset utf-8
|
||||||
|
|
||||||
# Group names may be defined like this:
|
# Group names may be defined like this:
|
||||||
# group mynames paige 0x12345678 joe patti
|
# group mynames = paige 0x12345678 joe patti
|
||||||
#
|
#
|
||||||
# Any time "mynames" is a recipient (-r or --recipient), it will be
|
# Any time "mynames" is a recipient (-r or --recipient), it will be
|
||||||
# expanded to the names "paige", "joe", and "patti", and the key ID
|
# expanded to the names "paige", "joe", and "patti", and the key ID
|
||||||
@ -72,7 +72,7 @@ $Id$
|
|||||||
# if there are spaces in the recipient name, this will appear as two
|
# if there are spaces in the recipient name, this will appear as two
|
||||||
# recipients. In these cases it is better to use the key ID.
|
# recipients. In these cases it is better to use the key ID.
|
||||||
|
|
||||||
#group mynames paige 0x12345678 joe patti
|
#group mynames = paige 0x12345678 joe patti
|
||||||
|
|
||||||
# Lock the file only once for the lifetime of a process. If you do
|
# Lock the file only once for the lifetime of a process. If you do
|
||||||
# not define this, the lock will be obtained and released every time
|
# not define this, the lock will be obtained and released every time
|
||||||
|
@ -493,25 +493,24 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
|||||||
/* fall thru */
|
/* fall thru */
|
||||||
case TRUST_UNKNOWN:
|
case TRUST_UNKNOWN:
|
||||||
case TRUST_UNDEFINED:
|
case TRUST_UNDEFINED:
|
||||||
log_info(_("%08lX: There is no indication that this key "
|
log_info(_("%08lX: There is no assurance this key belongs "
|
||||||
"really belongs to the owner\n"),
|
"to the named user\n"),(ulong)keyid_from_pk( pk, NULL) );
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
|
||||||
return 0; /* no */
|
return 0; /* no */
|
||||||
|
|
||||||
|
/* No way to get here? */
|
||||||
case TRUST_NEVER:
|
case TRUST_NEVER:
|
||||||
log_info(_("%08lX: We do NOT trust this key\n"),
|
log_info(_("%08lX: We do NOT trust this key\n"),
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
(ulong)keyid_from_pk( pk, NULL) );
|
||||||
return 0; /* no */
|
return 0; /* no */
|
||||||
|
|
||||||
case TRUST_MARGINAL:
|
case TRUST_MARGINAL:
|
||||||
log_info(
|
log_info(_("%08lX: There is limited assurance this key belongs "
|
||||||
_("%08lX: It is not sure that this key really belongs to the owner\n"
|
"to the named user\n"),(ulong)keyid_from_pk(pk,NULL));
|
||||||
"but it is accepted anyway\n"), (ulong)keyid_from_pk( pk, NULL) );
|
|
||||||
return 1; /* yes */
|
return 1; /* yes */
|
||||||
|
|
||||||
case TRUST_FULLY:
|
case TRUST_FULLY:
|
||||||
if( opt.verbose )
|
if( opt.verbose )
|
||||||
log_info(_("This key probably belongs to the owner\n"));
|
log_info(_("This key probably belongs to the named user\n"));
|
||||||
return 1; /* yes */
|
return 1; /* yes */
|
||||||
|
|
||||||
case TRUST_ULTIMATE:
|
case TRUST_ULTIMATE:
|
||||||
|
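Review bot: The new TRUST_MARGINAL message drops the old "but it is accepted anyway" clause while the branch still ends in `return 1; /* yes */`, so the log no longer tells the user that a key with only limited assurance is being used. Keeping the outcome in the text, e.g. `"to the named user, but it is accepted anyway\n"`, would preserve that signal. The added `/* No way to get here? */` above `case TRUST_NEVER:` leaves an open question inside a trust decision; either state why the case is unreachable or drop the comment. do_we_trust starts and ends outside this hunk.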
@ -551,6 +551,12 @@ revalidation_mark (void)
|
|||||||
pending_check_trustdb = 1;
|
pending_check_trustdb = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
trustdb_pending_check(void)
|
||||||
|
{
|
||||||
|
return pending_check_trustdb;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/***********************************************
|
/***********************************************
|
||||||
*********** Ownertrust et al. ****************
|
*********** Ownertrust et al. ****************
|
||||||
|
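Review bot: trustdb_pending_check is added without a comment, and it now decides whether an import runs the trustdb check at all. A short header such as `/* Return true if revalidation_mark() has flagged the trustdb for a check. */` would make the contract explicit. Where pending_check_trustdb is reset is not visible in this hunk; if nothing clears it after check_trustdb or update_trustdb runs, every later import in the same process would trigger another check, which is worth confirming.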
@ -49,6 +49,7 @@ int trust_letter( unsigned value );
|
|||||||
const char *trust_string (unsigned int value);
|
const char *trust_string (unsigned int value);
|
||||||
|
|
||||||
void revalidation_mark (void);
|
void revalidation_mark (void);
|
||||||
|
int trustdb_pending_check(void);
|
||||||
|
|
||||||
unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
|
unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
|
||||||
int get_validity_info (PKT_public_key *pk, const byte *namehash);
|
int get_validity_info (PKT_public_key *pk, const byte *namehash);
|
||||||
|