1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: New command --quick-set-ownertrust.

* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
This commit is contained in:
Werner Koch 2024-04-17 11:42:20 +02:00
parent b261478c06
commit 967678d972
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 105 additions and 2 deletions

View File

@ -1223,12 +1223,19 @@ all affected self-signatures is set one second ahead.
This command updates the preference list of the key to the current
default value (either built-in or set via
@option{--default-preference-list}). This is the unattended version
of of using "setpref" in the @option{--key-edit} menu without giving a
of using "setpref" in the @option{--key-edit} menu without giving a
list. Note that you can show the preferences in a key listing by
using @option{--list-options show-pref} or @option{--list-options
show-pref-verbose}. You should also re-distribute updated keys to
your peers.
@item --quick-set-ownertrust @var{user-id} @var{value}
@opindex quick-set-ownertrust
This command sets the ownertrust of a key and can also be used to set
the disable flag of a key. This is the unattended version of using
"trust", "disable", or "enable" in the @option{--key-edit} menu.
@item --change-passphrase @var{user-id}
@opindex change-passphrase
@itemx --passwd @var{user-id}

View File

@ -136,6 +136,7 @@ enum cmd_and_opt_values
aQuickSetExpire,
aQuickSetPrimaryUid,
aQuickUpdatePref,
aQuickSetOwnertrust,
aListConfig,
aListGcryptConfig,
aGPGConfList,
@ -502,6 +503,7 @@ static gpgrt_opt_t opts[] = {
N_("quickly set a new expiration date")),
ARGPARSE_c (aQuickSetPrimaryUid, "quick-set-primary-uid", "@"),
ARGPARSE_c (aQuickUpdatePref, "quick-update-pref", "@"),
ARGPARSE_c (aQuickSetOwnertrust, "quick-set-ownertrust", "@"),
ARGPARSE_c (aFullKeygen, "full-generate-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aFullKeygen, "full-gen-key", "@"),
@ -2717,6 +2719,7 @@ main (int argc, char **argv)
case aQuickSetExpire:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aQuickSetOwnertrust:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
@ -4393,6 +4396,7 @@ main (int argc, char **argv)
case aQuickRevUid:
case aQuickSetPrimaryUid:
case aQuickUpdatePref:
case aQuickSetOwnertrust:
case aFullKeygen:
case aKeygen:
case aImport:
@ -4912,6 +4916,15 @@ main (int argc, char **argv)
}
break;
case aQuickSetOwnertrust:
{
if (argc != 2)
wrong_args ("--quick-set-ownertrust USER-ID"
" [enable|disable|full|...]");
keyedit_quick_set_ownertrust (ctrl, argv[0], argv[1]);
}
break;
case aFastImport:
opt.import_options |= IMPORT_FAST; /* fall through */
case aImport:

View File

@ -2754,6 +2754,87 @@ keyedit_quick_update_pref (ctrl_t ctrl, const char *username)
}
/* Unattended updating of the ownertrust or disable/enable state of a key
* USERNAME specifies the key. This is somewhat similar to
* gpg --edit-key <userid> trust save
* gpg --edit-key <userid> disable save
*
* VALUE is the new trust value which is one of:
* "undefined" - Ownertrust is set to undefined
* "never" - Ownertrust is set to never trust
* "marginal" - Ownertrust is set to marginal trust
* "full" - Ownertrust is set to full trust
* "ultimate" - Ownertrust is set to ultimate trust
* "enable" - The key is re-enabled.
* "disable" - The key is disabled.
* Trust settings do not change the ebable/disable state.
*/
void
keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
const char *value)
{
gpg_error_t err;
KEYDB_HANDLE kdbhd = NULL;
kbnode_t keyblock = NULL;
PKT_public_key *pk;
unsigned int trust, newtrust;
int x;
int maybe_update_trust = 0;
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale (ctrl);
#endif
/* Search the key; we don't want the whole getkey stuff here. Note
* that we are looking for the public key here. */
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
if (err)
goto leave;
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_SECRET_KEY);
pk = keyblock->pkt->pkt.public_key;
trust = newtrust = get_ownertrust (ctrl, pk);
if (!ascii_strcasecmp (value, "enable"))
newtrust &= ~TRUST_FLAG_DISABLED;
else if (!ascii_strcasecmp (value, "disable"))
newtrust |= TRUST_FLAG_DISABLED;
else if ((x = string_to_trust_value (value)) >= 0)
{
newtrust = x;
newtrust &= TRUST_MASK;
newtrust |= (trust & ~TRUST_MASK);
maybe_update_trust = 1;
}
else
{
err = gpg_error (GPG_ERR_INV_ARG);
goto leave;
}
if (trust != newtrust)
{
update_ownertrust (ctrl, pk, newtrust);
if (maybe_update_trust)
revalidation_mark (ctrl);
}
else if (opt.verbose)
log_info (_("Key not changed so no update needed.\n"));
leave:
if (err)
{
log_error (_("setting the ownertrust to '%s' failed: %s\n"),
value, gpg_strerror (err));
write_status_error ("keyedit.setownertrust", err);
}
release_kbnode (keyblock);
keydb_release (kdbhd);
}
/* Find a keyblock by fingerprint because only this uniquely
* identifies a key and may thus be used to select a key for
* unattended subkey creation os key signing. */
@ -2998,7 +3079,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
check_trustdb_stale (ctrl);
#endif
/* Search the key; we don't want the whole getkey stuff here. Noet
/* Search the key; we don't want the whole getkey stuff here. Note
* that we are looking for the public key here. */
err = quick_find_keyblock (ctrl, username, 0, &kdbhd, &keyblock);
if (err)

View File

@ -57,6 +57,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid);
void keyedit_quick_update_pref (ctrl_t ctrl, const char *username);
void keyedit_quick_set_ownertrust (ctrl_t ctrl, const char *username,
const char *value);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec);
int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock,