diff --git a/autogen.sh b/autogen.sh index 7effd568a..3fe24ead8 100755 --- a/autogen.sh +++ b/autogen.sh @@ -311,6 +311,7 @@ if [ "$myhost" = "w32" ]; then $tsdir/configure --enable-maintainer-mode ${SILENT} \ --prefix=${w32root} \ --host=${host} --build=${build} SYSROOT=${w32root} \ + PKG_CONFIG_LIBDIR=${w32root} \ ${configure_opts} ${extraoptions} "$@" rc=$? exit $rc diff --git a/configure.ac b/configure.ac index ddbc0657d..3ec989534 100644 --- a/configure.ac +++ b/configure.ac @@ -69,6 +69,7 @@ NEED_NPTH_VERSION=0.91 NEED_GNUTLS_VERSION=3.0 +NEED_SQLITE_VERSION=3.7 development_version=mym4_isbeta PACKAGE=$PACKAGE_NAME @@ -91,6 +92,7 @@ have_libassuan=no have_ksba=no have_ntbtls=no have_gnutls=no +have_sqlite=no have_npth=no have_libusb=no have_adns=no @@ -100,6 +102,7 @@ use_zip=yes use_bzip2=yes use_exec=yes use_trust_models=yes +use_tofu=yes card_support=yes use_ccid_driver=yes dirmngr_auto_start=yes @@ -247,6 +250,14 @@ if test "$use_trust_models" = no ; then [Define to include only trust-model always]) fi +AC_MSG_CHECKING([whether to enable TOFU]) +AC_ARG_ENABLE(tofu, + AC_HELP_STRING([--disable-tofu], + [disable the TOFU trust model]), + use_tofu=$enableval, use_tofu=yes) +AC_MSG_RESULT($use_tofu) + + # # Options to disable algorithm 
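Review bot: The added `PKG_CONFIG_LIBDIR=${w32root}` in the w32 configure call points pkg-config at the prefix root rather than at a directory that holds `.pc` files, and the expansion is unquoted. Overriding the variable does keep build-host `.pc` files out of the cross build. However, if the cross-built sqlite3 installs its metadata under the usual `lib/pkgconfig` subdirectory (not visible on this page), the new `PKG_CHECK_MODULES` lookup in configure.ac will fail and TOFU will be switched off with only a warning. Consider `PKG_CONFIG_LIBDIR="${w32root}/lib/pkgconfig" \` plus a one-line comment saying the override exists to isolate the cross build from host libraries.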
@@ -780,11 +791,39 @@ DL_LIBS=$LIBS AC_SUBST(DL_LIBS) LIBS="$gnupg_dlopen_save_libs" + # Checks for g10 -PKG_CHECK_MODULES(SQLITE3, sqlite3) -AC_SUBST(SQLITE3_CFLAGS) -AC_SUBST(SQLITE3_LIBS) +AC_ARG_ENABLE(sqlite, + AC_HELP_STRING([--disable-sqlite], + [disable the use of SQLITE]), + try_sqlite=$enableval, try_sqlite=yes) + +if test x"$use_tofu" = xyes ; then + if test x"$try_sqlite" = xyes ; then + PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= $NEED_SQLITE_VERSION], + [have_sqlite=yes], + [have_sqlite=no]) + fi + if test "$have_sqlite" = "yes"; then + : + AC_SUBST([SQLITE3_CFLAGS]) + AC_SUBST([SQLITE3_LIBS]) + else + use_tofu=no + tmp=$(echo "$SQLITE3_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g') + AC_MSG_WARN([[ +*** +*** Building without SQLite support - TOFU disabled +*** +*** $tmp]]) + fi +fi + +if test x"$use_tofu" = xyes ; then + AC_DEFINE(USE_TOFU, 1, [Enable to build the TOFU code]) +fi + # Checks for g13 @@ -1547,7 +1586,8 @@ AM_CONDITIONAL(BUILD_SYMCRYPTRUN, test "$build_symcryptrun" = "yes") AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) -AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no) +AM_CONDITIONAL(NO_TRUST_MODELS, test "$use_trust_models" = no) +AM_CONDITIONAL(USE_TOFU, test "$use_tofu" = yes) AM_CONDITIONAL(RUN_GPG_TESTS, test x$cross_compiling = xno -a "$build_gpg" = yes ) @@ -1800,6 +1840,7 @@ echo " LDAP support: $gnupg_have_ldap DNS SRV support: $use_dns_srv TLS support: $use_tls_library + TOFU support: $use_tofu " if test x"$use_regex" != xyes ; then echo " diff --git a/g10/Makefile.am b/g10/Makefile.am index 73578435d..75ccac85f 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -56,6 +56,12 @@ else trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif +if USE_TOFU +tofu_source = tofu.h tofu.c +else +tofu_source = +endif + if HAVE_W32_SYSTEM resource_objs += gpg-w32info.o 
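Review bot: In the `Checks for g10` block, a missing or too-old sqlite3 sets `use_tofu=no` and only warns, even when the builder passed `--enable-tofu` explicitly, so a package meant to ship the TOFU trust model can be produced without it. The `AC_ARG_ENABLE(tofu, ...)` hunk earlier in this file stores `$enableval` straight into `use_tofu`, so an explicit request cannot be told apart from the default, and a value such as `--enable-tofu=foo` is treated as "no". Record the explicit request in a separate variable there and fail in the else branch when it is set, e.g. `AC_MSG_ERROR([TOFU was requested but a suitable sqlite3 was not found])`. Separately, the `sed 's/\v/\n*** /g'` used to format `$SQLITE3_PKG_ERRORS` relies on escape handling that differs between sed implementations, so the warning text may come out garbled on non-GNU hosts.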
@@ -124,10 +130,9 @@ gpg2_SOURCES = gpg.c \ call-dirmngr.c call-dirmngr.h \ photoid.c photoid.h \ call-agent.c call-agent.h \ - trust.c $(trust_source) \ + trust.c $(trust_source) $(tofu_source) \ $(card_source) \ - exec.c exec.h \ - tofu.h tofu.c + exec.c exec.h gpgv2_SOURCES = gpgv.c \ $(common_source) \ diff --git a/g10/gpg.c b/g10/gpg.c index 794d5ea56..ff6e59f60 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1949,10 +1949,12 @@ parse_trust_model(const char *model) opt.trust_model=TM_ALWAYS; else if(ascii_strcasecmp(model,"direct")==0) opt.trust_model=TM_DIRECT; +#ifdef USE_TOFU else if(ascii_strcasecmp(model,"tofu")==0) opt.trust_model=TM_TOFU; else if(ascii_strcasecmp(model,"tofu+pgp")==0) opt.trust_model=TM_TOFU_PGP; +#endif /*USE_TOFU*/ else if(ascii_strcasecmp(model,"auto")==0) opt.trust_model=TM_AUTO; else @@ -1963,6 +1965,7 @@ parse_trust_model(const char *model) static int parse_tofu_policy (const char *policy) { +#ifdef USE_TOFU if (ascii_strcasecmp (policy, "auto") == 0) return TOFU_POLICY_AUTO; else if (ascii_strcasecmp (policy, "good") == 0) @@ -1974,6 +1977,7 @@ parse_tofu_policy (const char *policy) else if (ascii_strcasecmp (policy, "ask") == 0) return TOFU_POLICY_ASK; else +#endif /*USE_TOFU*/ { log_error (_("unknown TOFU policy '%s'\n"), policy); g10_exit (1); @@ -1983,6 +1987,7 @@ parse_tofu_policy (const char *policy) static int parse_tofu_db_format (const char *db_format) { +#ifdef USE_TOFU if (ascii_strcasecmp (db_format, "auto") == 0) return TOFU_DB_AUTO; else if (ascii_strcasecmp (db_format, "split") == 0) @@ -1990,6 +1995,7 @@ parse_tofu_db_format (const char *db_format) else if (ascii_strcasecmp (db_format, "flat") == 0) return TOFU_DB_FLAT; else +#endif /*USE_TOFU*/ { log_error (_("unknown TOFU DB format '%s'\n"), db_format); g10_exit (1); @@ -4417,6 +4423,7 @@ main (int argc, char **argv) break; case aTOFUPolicy: +#ifdef USE_TOFU { int policy; int i; 
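Review bot: With `USE_TOFU` undefined, `parse_tofu_policy` and `parse_tofu_db_format` reduce to the bare error block, so values that are valid on a TOFU build, such as `good` or `flat`, are reported as `unknown TOFU policy` and `unknown TOFU DB format`. The `tofu` and `tofu+pgp` arms of `parse_trust_model` are compiled out in the same way and presumably reach that function's final error branch. That diagnostic sends the user looking for a typo when the real cause is the build configuration. Add an `#else` arm with a distinct message, for example `log_error (_("TOFU support is not available in this build\n"));`, and a short comment at each `#ifdef USE_TOFU` saying that falling through to the error block is intentional. The bodies of these functions extend beyond the hunks shown.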
@@ -4487,7 +4494,6 @@ main (int argc, char **argv) } merge_keys_and_selfsig (kb); - if (tofu_set_policy (kb, policy)) g10_exit (1); } @@ -4495,6 +4501,7 @@ main (int argc, char **argv) keydb_release (hd); } +#endif /*USE_TOFU*/ break; case aListPackets: diff --git a/g10/keyedit.c b/g10/keyedit.c index 432ba8663..fba7d3552 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2930,10 +2930,12 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) es_putc (':', fp); if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) { +#ifdef USE_TOFU enum tofu_policy policy; if (! tofu_get_policy (primary, uid, &policy) && policy != TOFU_POLICY_NONE) es_fprintf (fp, "%s", tofu_policy_str (policy)); +#endif /*USE_TOFU*/ } es_putc (':', fp); es_putc ('\n', fp); diff --git a/g10/keylist.c b/g10/keylist.c index 154169718..2a766a140 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1501,10 +1501,12 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) es_fprintf (es_stdout, "::::::::"); if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) { +#ifdef USE_TOFU enum tofu_policy policy; if (! tofu_get_policy (pk, uid, &policy) && policy != TOFU_POLICY_NONE) es_fprintf (es_stdout, "%s", tofu_policy_str (policy)); +#endif /*USE_TOFU*/ } es_putc (':', es_stdout); es_putc ('\n', es_stdout); diff --git a/g10/tofu.h b/g10/tofu.h index b0fcc5bc0..adf87abe6 100644 --- a/g10/tofu.h +++ b/g10/tofu.h @@ -106,4 +106,4 @@ gpg_error_t tofu_set_policy_by_keyid (u32 *keyid, enum tofu_policy policy); gpg_error_t tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id, enum tofu_policy *policy); -#endif +#endif /*G10_TOFU_H*/ diff --git a/g10/trustdb.c b/g10/trustdb.c index f58051a75..cadc7e96b 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
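Review bot: When `USE_TOFU` is undefined, `case aTOFUPolicy:` in `main` becomes an empty case that goes straight to `break`, so the command appears to finish without an error and without changing any policy. Someone setting a restrictive policy on a key with such a build gets no indication that nothing was recorded. Add an `#else` arm before the `#endif /*USE_TOFU*/` added here that reports the missing feature and exits non-zero, e.g. `log_error (_("TOFU support is not available in this build\n")); g10_exit (1);`. The matching `#ifdef` opens in the preceding hunk and most of the case body lies outside both hunks.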
@@ -1001,6 +1001,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, goto leave; } +#ifdef USE_TOFU if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) { kbnode_t user_id_node = NULL; /* Silence -Wmaybe-uninitialized. */ @@ -1078,6 +1079,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, break; } } +#endif /*USE_TOFU*/ if (opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_CLASSIC @@ -1137,7 +1139,18 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, } leave: +#ifdef USE_TOFU validity = tofu_wot_trust_combine (tofu_validity, validity); +#else /*!USE_TOFU*/ + validity &= TRUST_MASK; + + if (validity == TRUST_NEVER) + /* TRUST_NEVER trumps everything else. */ + validity |= TRUST_NEVER; + if (validity == TRUST_EXPIRED) + /* TRUST_EXPIRED trumps everything but TRUST_NEVER. */ + validity |= TRUST_EXPIRED; +#endif /*!USE_TOFU*/ if (opt.trust_model != TM_TOFU && pending_check_trustdb)
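Review bot: The `#else /*!USE_TOFU*/` arm under `leave:` starts with `validity &= TRUST_MASK;`, which discards any flag bits outside the mask that were set earlier in `tdb_get_validity_core` (its body is outside the hunk). The two `if` statements that follow are no-ops, because OR-ing `TRUST_NEVER` or `TRUST_EXPIRED` into a value that already equals it changes nothing. If `tofu_wot_trust_combine` keeps the upper bits, which cannot be confirmed from this page, the two build configurations would return different results for the same key, and status flags could be lost from the non-TOFU answer. Unless stripping the flags is intended, drop the three statements and leave the arm as a comment such as `/* No TOFU: validity already holds the WoT result, flags included. */`. If stripping is intended, keep only the mask and say so in the comment.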