mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
* g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD. (FULL_TRUST_THRESHOLD): New. (write_stats_status): New. (show_statistics): Call new function. Print TOFU_STATS_LONG. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
ae1889320b
commit
83865be35c
44
doc/DETAILS
44
doc/DETAILS
@ -668,10 +668,54 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
|||||||
- shell :: The standard X.509 model.
|
- shell :: The standard X.509 model.
|
||||||
- chain :: The chain model.
|
- chain :: The chain model.
|
||||||
- steed :: The STEED model.
|
- steed :: The STEED model.
|
||||||
|
- tofu :: The TOFU model
|
||||||
|
|
||||||
Note that the term =TRUST_= in the status names is used for
|
Note that the term =TRUST_= in the status names is used for
|
||||||
historic reasons; we now speak of validity.
|
historic reasons; we now speak of validity.
|
||||||
|
|
||||||
|
*** TOFU_USER <fingerprint_in_hex> <mbox>
|
||||||
|
|
||||||
|
This status identifies the key and the userid for all following
|
||||||
|
Tofu information. The fingerprint is the fingerprint of the
|
||||||
|
primary key and the mbox is in general the mailbox part of the
|
||||||
|
userid encoded in UTF-8 and percent escaped.
|
||||||
|
|
||||||
|
*** TOFU_STATS <validity> <sign-count> 0 [<policy> [<tm1> <tm2>]]
|
||||||
|
|
||||||
|
Statistics for the current user id.
|
||||||
|
|
||||||
|
Values for VALIDITY are:
|
||||||
|
- 0 :: conflict
|
||||||
|
- 1 :: key without history
|
||||||
|
- 2 :: key with too little history
|
||||||
|
- 3 :: key with enough history for basic trust
|
||||||
|
- 4 :: key with a lot of history
|
||||||
|
|
||||||
|
Values for POLICY are:
|
||||||
|
- none :: No Policy set
|
||||||
|
- auto :: Policy is "auto"
|
||||||
|
- good :: Policy is "good"
|
||||||
|
- bad :: Policy is "bad"
|
||||||
|
- ask :: Policy is "ask"
|
||||||
|
- unknown :: Policy is not known.
|
||||||
|
|
||||||
|
TM1 gives the number of seconds since the the first messages was
|
||||||
|
verified. TM2 gives the number of seconds since the most recent
|
||||||
|
message was verified.
|
||||||
|
|
||||||
|
*** TOFU_STATS_SHORT <long_string>
|
||||||
|
|
||||||
|
Information about the TOFU binding for the signature.
|
||||||
|
Example: "15 signatures verified. 10 messages encrypted"
|
||||||
|
|
||||||
|
*** TOFU_STATS_LONG <long_string>
|
||||||
|
|
||||||
|
Information about the TOFU binding for the signature in verbose
|
||||||
|
format. The LONG_STRING is percent escaped.
|
||||||
|
Example: 'Verified 9 messages signed by "Werner Koch
|
||||||
|
(dist sig)" in the past 3 minutes, 40 seconds. The most
|
||||||
|
recent message was verified 4 seconds ago.'
|
||||||
|
|
||||||
*** PKA_TRUST_
|
*** PKA_TRUST_
|
||||||
This is is one:
|
This is is one:
|
||||||
|
|
||||||
|
59
g10/tofu.c
59
g10/tofu.c
@ -47,8 +47,12 @@
|
|||||||
|
|
||||||
#define CONTROL_L ('L' - 'A' + 1)
|
#define CONTROL_L ('L' - 'A' + 1)
|
||||||
|
|
||||||
/* Number of signed messages required to not show extra warnings. */
|
/* Number of signed messages required to indicate that enough history
|
||||||
#define NO_WARNING_THRESHOLD 10
|
* is available for basic trust. */
|
||||||
|
#define BASIC_TRUST_THRESHOLD 10
|
||||||
|
/* Number of signed messages required to indicate that a lot of
|
||||||
|
* history is available. */
|
||||||
|
#define FULL_TRUST_THRESHOLD 100
|
||||||
|
|
||||||
|
|
||||||
#define DEBUG_TOFU_CACHE 0
|
#define DEBUG_TOFU_CACHE 0
|
||||||
@ -2365,6 +2369,40 @@ time_ago_str (long long int t)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Write TOFU_STATS status line. */
|
||||||
|
static void
|
||||||
|
write_stats_status (long messages, enum tofu_policy policy,
|
||||||
|
long first_seen_ago, long most_recent_seen_ago)
|
||||||
|
{
|
||||||
|
char numbuf1[35];
|
||||||
|
char numbuf2[35];
|
||||||
|
char numbuf3[35];
|
||||||
|
const char *validity;
|
||||||
|
|
||||||
|
if (messages < 1)
|
||||||
|
validity = "1"; /* Key without history. */
|
||||||
|
else if (messages < BASIC_TRUST_THRESHOLD)
|
||||||
|
validity = "2"; /* Key with too little history. */
|
||||||
|
else if (messages < FULL_TRUST_THRESHOLD)
|
||||||
|
validity = "3"; /* Key with enough history for basic trust. */
|
||||||
|
else
|
||||||
|
validity = "4"; /* Key with a lot of history. */
|
||||||
|
|
||||||
|
snprintf (numbuf1, sizeof numbuf1, " %ld", messages);
|
||||||
|
*numbuf2 = *numbuf3 = 0;
|
||||||
|
if (first_seen_ago >= 0 && most_recent_seen_ago >= 0)
|
||||||
|
{
|
||||||
|
snprintf (numbuf2, sizeof numbuf2, " %ld", first_seen_ago);
|
||||||
|
snprintf (numbuf3, sizeof numbuf3, " %ld", most_recent_seen_ago);
|
||||||
|
}
|
||||||
|
|
||||||
|
write_status_strings (STATUS_TOFU_STATS,
|
||||||
|
validity, numbuf1, " 0",
|
||||||
|
" ", tofu_policy_str (policy),
|
||||||
|
numbuf2, numbuf3,
|
||||||
|
NULL);
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
show_statistics (struct dbs *dbs, const char *fingerprint,
|
show_statistics (struct dbs *dbs, const char *fingerprint,
|
||||||
const char *email, const char *user_id,
|
const char *email, const char *user_id,
|
||||||
@ -2407,8 +2445,11 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
|
|||||||
email, strlen (email), 0);
|
email, strlen (email), 0);
|
||||||
|
|
||||||
if (! strlist)
|
if (! strlist)
|
||||||
|
{
|
||||||
log_info (_("Have never verified a message signed by key %s!\n"),
|
log_info (_("Have never verified a message signed by key %s!\n"),
|
||||||
fingerprint_pp);
|
fingerprint_pp);
|
||||||
|
write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
signed long messages;
|
signed long messages;
|
||||||
@ -2432,15 +2473,21 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (messages == -1 || first_seen_ago == 0)
|
if (messages == -1 || first_seen_ago == 0)
|
||||||
|
{
|
||||||
|
write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
|
||||||
log_info (_("Failed to collect signature statistics for \"%s\"\n"
|
log_info (_("Failed to collect signature statistics for \"%s\"\n"
|
||||||
"(key %s)\n"),
|
"(key %s)\n"),
|
||||||
user_id, fingerprint_pp);
|
user_id, fingerprint_pp);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
|
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
|
||||||
estream_t fp;
|
estream_t fp;
|
||||||
char *msg;
|
char *msg;
|
||||||
|
|
||||||
|
write_stats_status (messages, policy,
|
||||||
|
first_seen_ago, most_recent_seen_ago);
|
||||||
|
|
||||||
fp = es_fopenmem (0, "rw,samethread");
|
fp = es_fopenmem (0, "rw,samethread");
|
||||||
if (! fp)
|
if (! fp)
|
||||||
log_fatal ("error creating memory stream: %s\n",
|
log_fatal ("error creating memory stream: %s\n",
|
||||||
@ -2497,12 +2544,18 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
|
|||||||
for (p=msg; *p; p++)
|
for (p=msg; *p; p++)
|
||||||
if (*p == '~')
|
if (*p == '~')
|
||||||
*p = ' ';
|
*p = ' ';
|
||||||
|
|
||||||
|
/* Print a status line but suppress the trailing LF.
|
||||||
|
* Spaces are not percent escaped. */
|
||||||
|
if (*msg)
|
||||||
|
write_status_buffer (STATUS_TOFU_STATS_LONG,
|
||||||
|
msg, strlen (msg)-1, -1);
|
||||||
}
|
}
|
||||||
|
|
||||||
log_string (GPGRT_LOG_INFO, msg);
|
log_string (GPGRT_LOG_INFO, msg);
|
||||||
xfree (msg);
|
xfree (msg);
|
||||||
|
|
||||||
if (policy == TOFU_POLICY_AUTO && messages < NO_WARNING_THRESHOLD)
|
if (policy == TOFU_POLICY_AUTO && messages < BASIC_TRUST_THRESHOLD)
|
||||||
{
|
{
|
||||||
char *set_policy_command;
|
char *set_policy_command;
|
||||||
char *text;
|
char *text;
|
||||||
|
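Review bot: write_stats_status derives VALIDITY from the message count alone, so the value `0` (conflict) that doc/DETAILS documents in this same commit is never emitted, and a binding whose policy is `bad` or `ask` is still reported as `3` or `4` once it has enough messages. A front end that reads only the first field would present such a key as having history-backed trust. If a conflict is meant to be signalled here, a guard ahead of the count tests would make that explicit, for example `if (policy == TOFU_POLICY_ASK || policy == TOFU_POLICY_BAD) validity = "0";` followed by `else if (messages < 1)`, assuming those are the policies that represent a conflict; otherwise add the comment `/* VALIDITY reflects history only; consumers must also check POLICY. */` above the chain. The failure branch in show_statistics (`messages == -1 || first_seen_ago == 0`) also calls `write_stats_status (0, TOFU_POLICY_NONE, -1, -1)`, which a consumer cannot tell apart from a key that really has no history and no policy. show_statistics starts and ends outside the visible hunks, so the real policy may not be available at that point.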