
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.

* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Neal H. Walfield 2015-10-21 13:28:15 +02:00
parent 243f90afba
commit d05ff81732


@ -461,6 +461,8 @@ init_trustdb ()
/* Sanity check this ;) */ /* Sanity check this ;) */
if(opt.trust_model != TM_CLASSIC if(opt.trust_model != TM_CLASSIC
&& opt.trust_model != TM_PGP && opt.trust_model != TM_PGP
&& opt.trust_model != TM_TOFU_PGP
&& opt.trust_model != TM_TOFU
&& opt.trust_model != TM_EXTERNAL) && opt.trust_model != TM_EXTERNAL)
{ {
log_info(_("unable to use unknown trust model (%d) - " log_info(_("unable to use unknown trust model (%d) - "
@ -472,7 +474,8 @@ init_trustdb ()
log_info(_("using %s trust model\n"),trust_model_string()); log_info(_("using %s trust model\n"),trust_model_string());
} }
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
|| opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
{ {
/* Verify the list of ultimately trusted keys and move the /* Verify the list of ultimately trusted keys and move the
--trusted-keys list there as well. */ --trusted-keys list there as well. */
@ -494,7 +497,8 @@ void
check_trustdb () check_trustdb ()
{ {
init_trustdb(); init_trustdb();
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{ {
if (opt.batch && !opt.answer_yes) if (opt.batch && !opt.answer_yes)
{ {
@ -530,7 +534,8 @@ void
update_trustdb() update_trustdb()
{ {
init_trustdb(); init_trustdb();
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC) if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (1); validate_keys (1);
else else
log_info (_("no need for a trustdb update with '%s' trust model\n"), log_info (_("no need for a trustdb update with '%s' trust model\n"),
@ -946,7 +951,8 @@ tdb_check_trustdb_stale (void)
return; /* No trustdb => can't be stale. */ return; /* No trustdb => can't be stale. */
if (!did_nextcheck if (!did_nextcheck
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)) && (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
{ {
ulong scheduled; ulong scheduled;
@ -1938,6 +1944,11 @@ validate_keys (int interactive)
do_sync (); do_sync ();
} }
if (opt.trust_model == TM_TOFU)
/* In the TOFU trust model, we only need to save the ultimately
trusted keys. */
goto leave;
klist = utk_list; klist = utk_list;
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"), log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
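Review bot: The same four-way test on `opt.trust_model` (TM_PGP, TM_CLASSIC, TM_TOFU_PGP, TM_TOFU) is now written out separately in init_trustdb, check_trustdb, update_trustdb and tdb_check_trustdb_stale, with the two TOFU terms in a different order in init_trustdb; the commit itself shows that each of these sites has to be found and extended by hand. A site missed when the next trust model is added fails quietly: the trust DB is not checked or refreshed for that model, and validity is then presumably computed from stale data. I would fold the test into one file-local predicate, for example `static int trust_model_uses_trustdb (void)`, and call it from all four places, leaving the TM_TOFU-only `goto leave` in validate_keys as the one deliberate exception. The bodies of these functions continue outside the hunks, so other trust-model checks in g10/trustdb.c may need the same treatment.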