gpg: Remove stale ultimately trusted keys from the trustdb.

* g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key. (import_ownertrust): Clear the trusted-key flag. * g10/tdbio.h (struct trust_record): Add field flags. * g10/tdbio.c (tdbio_dump_record): Improve output. (tdbio_read_record, tdbio_write_record): Handle flags. * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys. (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. -- GnuPG-bug-id: 5685 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2021-11-13 20:34:06 +01:00 · 2021-11-13 20:34:06 +01:00 · 99ef78aa0c
commit 99ef78aa0c
parent b0079ab39d
7 changed files with 73 additions and 18 deletions
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@ -109,7 +109,9 @@ export_ownertrust (ctrl_t ctrl)
    {
      if (rec.rectype == RECTYPE_TRUST)
        {
-          if (!rec.r.trust.ownertrust)
+          /* Skip records with no ownertrust set or those with trust
+           * set via --trusted-key.  */
+          if (!rec.r.trust.ownertrust || (rec.r.trust.flags & 1))
            continue;
          p = rec.r.trust.fingerprint;
          for (i=0; i < 20; i++, p++ )
@ -204,6 +206,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname )
                      log_info("setting ownertrust to %u\n", otrust );
                  }
                rec.r.trust.ownertrust = otrust;
+                rec.r.trust.flags &= ~(rec.r.trust.flags & 1);
                write_record (ctrl, &rec);
                any = 1;
              }