agent: Add trustlist flag "de-vs".

* agent/trustlist.c (struct trustitem_s): Add field de_vs. (read_one_trustfile): Parse it. (istrusted_internal): Emit TRUSTLISTFLAG status line. * sm/gpgsm.h (struct rootca_flags_s): Add field de_vs. * sm/call-agent.c (istrusted_status_cb): Detect the flags. * sm/sign.c (write_detached_signature): Remove unused vars. -- Right now this flag has no effect; we first need to specify the exact behaviour. GnuPG-bug-id: 5079 (cherry picked from commit a5360ae4c7)
2025-07-03 22:56:33 +02:00 · 2023-04-03 14:06:36 +02:00 · 2023-04-03 14:06:36 +02:00 · 6d45fcdd3c
commit 6d45fcdd3c
parent 7e320a89c2
4 changed files with 15 additions and 1 deletions
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@ -46,6 +46,7 @@ struct trustitem_s
                             constraints. */
    int cm:1;             /* Use chain model for validation. */
    int qual:1;           /* Root CA for qualified signatures.  */
+    int de_vs:1;          /* Root CA for de-vs compliant PKI.    */
  } flags;
  unsigned char fpr[20];  /* The binary fingerprint. */
 };
@ -325,6 +326,8 @@ read_one_trustfile (const char *fname, int systrust,
            ti->flags.cm = 1;
          else if (n == 4 && !memcmp (p, "qual", 4) && systrust)
            ti->flags.qual = 1;
+          else if (n == 4 && !memcmp (p, "de-vs", 4) && systrust)
+            ti->flags.de_vs = 1;
          else
            log_error ("flag '%.*s' in '%s', line %d ignored\n",
                       n, p, fname, lnr);
@ -477,7 +480,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
               in a locked state.  */
            if (already_locked)
              ;
-            else if (ti->flags.relax || ti->flags.cm || ti->flags.qual)
+            else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
+                     || ti->flags.de_vs)
              {
                unlock_trusttable ();
                locked = 0;
@ -488,6 +492,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
                  err = agent_write_status (ctrl,"TRUSTLISTFLAG", "cm", NULL);
                if (!err && ti->flags.qual)
                  err = agent_write_status (ctrl,"TRUSTLISTFLAG", "qual",NULL);
+                if (!err && ti->flags.de_vs)
+                  err = agent_write_status (ctrl,"TRUSTLISTFLAG", "de-vs",NULL);
              }

            if (!err)