* sign.c (do_sign): Show the hash used when making a signature in verbose

mode.

* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.

* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.

g10/ChangeLog

@@ -1,3 +1,15 @@
+2003-04-26  David Shaw  <dshaw@jabberwocky.com>
+
+	* sign.c (do_sign): Show the hash used when making a signature in
+	verbose mode.
+
+	* tdbio.h, tdbio.c (tdbio_read_model): New function to return the
+	trust model used in a given trustdb.
+
+	* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
+	update_trustdb): Use tdbio_read_model to implement an "auto" trust
+	model which is set via the trustdb.
+
 2003-04-23  David Shaw  <dshaw@jabberwocky.com>
 
 	* import.c (import_revoke_cert): Remove ultimate trust when

g10/g10.c

@@ -1172,7 +1172,7 @@ main( int argc, char **argv )
     opt.keyserver_options.include_subkeys=1;
     opt.keyserver_options.include_revoked=1;
     opt.keyserver_options.try_dns_srv=1;
-    opt.trust_model=TM_OPENPGP;
+    opt.trust_model=TM_AUTO;
     opt.mangle_dos_filenames = 1;
 
 #if defined (__MINGW32__)
@@ -1493,6 +1493,8 @@ main( int argc, char **argv )
 	      opt.trust_model=TM_CLASSIC;
 	    else if(ascii_strcasecmp(pargs.r.ret_str,"always")==0)
 	      opt.trust_model=TM_ALWAYS;
+	    else if(ascii_strcasecmp(pargs.r.ret_str,"auto")==0)
+	      opt.trust_model=TM_AUTO;
 	    else
 	      log_error("unknown trust model \"%s\"\n",pargs.r.ret_str);
 	    break;

g10/options.h

@@ -89,7 +89,9 @@ struct {
     int skip_verify;
     int compress_keys;
     int compress_sigs;
-    enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS} trust_model;
+    /* TM_CLASSIC must be zero to accomodate trustdbs generated before
+       we started storing the trust model inside the trustdb. */
+    enum {TM_CLASSIC=0, TM_OPENPGP=1, TM_ALWAYS, TM_AUTO} trust_model;
     unsigned int force_ownertrust;
     int pgp2;
     int pgp6;

g10/sign.c

@@ -309,8 +309,10 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
     else {
 	if( opt.verbose ) {
 	    char *ustr = get_user_id_string_printable (sig->keyid);
-	    log_info(_("%s signature from: \"%s\"\n"),
+	    log_info(_("%s/%s signature from: \"%s\"\n"),
-		      pubkey_algo_to_string(sk->pubkey_algo), ustr );
+		     pubkey_algo_to_string(sk->pubkey_algo),
+		     digest_algo_to_string(sig->digest_algo),
+		     ustr );
 	    m_free(ustr);
 	}
     }

g10/tdbio.c

@@ -669,6 +669,18 @@ tdbio_db_matches_options()
   return yes_no;
 }
 
+byte
+tdbio_read_model(void)
+{
+  TRUSTREC vr;
+  int rc;
+ 
+  rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
+  if( rc )
+    log_fatal( _("%s: error reading version record: %s\n"),
+	       db_name, g10_errstr(rc) );
+  return vr.r.ver.trust_model;
+}
 
 /****************
  * Return the nextstamp value.

g10/tdbio.h

@@ -99,6 +99,7 @@ void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
 int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
 int tdbio_write_record( TRUSTREC *rec );
 int tdbio_db_matches_options(void);
+byte tdbio_read_model(void);
 ulong tdbio_read_nextcheck (void);
 int tdbio_write_nextcheck (ulong stamp);
 int tdbio_is_dirty(void);

g10/trustdb.c

@@ -375,6 +375,17 @@ do_sync(void)
       }
 }
 
+static const char *
+trust_model_string(void)
+{
+  switch(opt.trust_model)
+    {
+    case TM_OPENPGP: return "OpenPGP";
+    case TM_CLASSIC: return "classic";
+    case TM_ALWAYS:  return "always";
+    default:         return "unknown";
+    }
+}
 
 /****************
  * Perform some checks over the trustdb
@@ -425,8 +436,24 @@ init_trustdb()
   if( rc )
     log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
 
-  if(!tdbio_db_matches_options()
+  if(opt.trust_model==TM_AUTO)
-     && (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP))
+    {
+      /* Try and set the trust model off of whatever the trustdb says
+	 it is. */
+
+      opt.trust_model=tdbio_read_model();
+      if(opt.trust_model!=TM_CLASSIC && opt.trust_model!=TM_OPENPGP)
+	{
+	  log_info(_("unable to use unknown trust model (%d) - "
+		     "assuming OpenPGP trust model\n"),opt.trust_model);
+	  opt.trust_model=TM_OPENPGP;
+	}
+
+      if(opt.verbose)
+	log_info(_("using %s trust model\n"),trust_model_string());
+    }
+  else if(!tdbio_db_matches_options()
+	  && (opt.trust_model==TM_CLASSIC || opt.trust_model==TM_OPENPGP))
     pending_check_trustdb=1;
 }
 
@@ -475,18 +502,6 @@ trust_string (unsigned int value)
     }
 }
 
-static const char *
-trust_model_string(void)
-{
-  switch(opt.trust_model)
-    {
-    case TM_OPENPGP: return "OpenPGP";
-    case TM_CLASSIC: return "classic";
-    case TM_ALWAYS:  return "always";
-    default:         return "unknown";
-    }
-}
-
 /****************
  * Recreate the WoT but do not ask for new ownertrusts.  Special
  * feature: In batch mode and without a forced yes, this is only done
@@ -495,9 +510,9 @@ trust_model_string(void)
 void
 check_trustdb ()
 {
+  init_trustdb();
   if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
     {
-      init_trustdb();
       if (opt.batch && !opt.answer_yes)
 	{
 	  ulong scheduled;
@@ -531,11 +546,9 @@ check_trustdb ()
 void
 update_trustdb()
 {
+  init_trustdb();
   if(opt.trust_model==TM_OPENPGP || opt.trust_model==TM_CLASSIC)
-    {
+    validate_keys (1);
-      init_trustdb();
-      validate_keys (1);
-    }
   else
     log_info (_("no need for a trustdb update with \"%s\" trust model\n"),
 	      trust_model_string());
@@ -1891,9 +1904,7 @@ validate_keys (int interactive)
   klist = utk_list;
 
   log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
-	   opt.marginals_needed,opt.completes_needed,
+	   opt.marginals_needed,opt.completes_needed,trust_model_string());
-	   opt.trust_model==TM_CLASSIC?"Classic":
-	                  opt.trust_model==TM_OPENPGP?"OpenPGP":"unknown");
 
   for (depth=0; depth < opt.max_cert_depth; depth++)
     {