1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

gpg: Don't take the a TOFU trust model from the trustdb,

* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,

GnuPG-bug-id: 4134
(cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
This commit is contained in:
Werner Koch 2018-10-10 11:46:16 +02:00
parent e486fb2495
commit 82cd7556fd
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 27 additions and 5 deletions

View File

@ -1724,7 +1724,8 @@ Set what trust model GnuPG should follow. The models are:
@opindex trust-model:auto @opindex trust-model:auto
Select the trust model depending on whatever the internal trust Select the trust model depending on whatever the internal trust
database says. This is the default model if such a database already database says. This is the default model if such a database already
exists. exists. Note that a tofu trust model is not considered here and
must be enabled explicitly.
@end table @end table
@item --auto-key-locate @var{mechanisms} @item --auto-key-locate @var{mechanisms}

View File

@ -562,6 +562,12 @@ tdbio_update_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
int opt_tm;
/* Never store a TOFU trust model in the trustdb. Use PGP instead. */
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
@ -572,7 +578,7 @@ tdbio_update_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed; rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt_tm;
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
rc = tdbio_write_record (ctrl, &rec); rc = tdbio_write_record (ctrl, &rec);
} }
@ -591,6 +597,12 @@ create_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
int opt_tm;
/* Never store a TOFU trust model in the trustdb. Use PGP instead. */
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.r.ver.version = 3; rec.r.ver.version = 3;
@ -598,8 +610,8 @@ create_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed; rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed; rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC) if (opt_tm == TM_PGP || opt_tm == TM_CLASSIC)
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt_tm;
else else
rec.r.ver.trust_model = TM_PGP; rec.r.ver.trust_model = TM_PGP;
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
@ -883,16 +895,25 @@ tdbio_db_matches_options()
{ {
TRUSTREC vr; TRUSTREC vr;
int rc; int rc;
int opt_tm, tm;
rc = tdbio_read_record (0, &vr, RECTYPE_VER); rc = tdbio_read_record (0, &vr, RECTYPE_VER);
if( rc ) if( rc )
log_fatal( _("%s: error reading version record: %s\n"), log_fatal( _("%s: error reading version record: %s\n"),
db_name, gpg_strerror (rc) ); db_name, gpg_strerror (rc) );
/* Consider tofu and pgp the same. */
tm = vr.r.ver.trust_model;
if (tm == TM_TOFU || tm == TM_TOFU_PGP)
tm = TM_PGP;
opt_tm = opt.trust_model;
if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
opt_tm = TM_PGP;
yes_no = vr.r.ver.marginals == opt.marginals_needed yes_no = vr.r.ver.marginals == opt.marginals_needed
&& vr.r.ver.completes == opt.completes_needed && vr.r.ver.completes == opt.completes_needed
&& vr.r.ver.cert_depth == opt.max_cert_depth && vr.r.ver.cert_depth == opt.max_cert_depth
&& vr.r.ver.trust_model == opt.trust_model && tm == opt_tm
&& vr.r.ver.min_cert_level == opt.min_cert_level; && vr.r.ver.min_cert_level == opt.min_cert_level;
} }