mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as possibly saved trust models. Also register the ultimately trusted keys if the trust model is tofu or tofu+pgp. (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp. (update_trustdb): Likewise. (tdb_check_trustdb_stale): Likewise. (validate_keys): If the trust model is TOFU, just write out the ultimately trusted keys. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
parent
243f90afba
commit
d05ff81732
@ -461,6 +461,8 @@ init_trustdb ()
|
|||||||
/* Sanity check this ;) */
|
/* Sanity check this ;) */
|
||||||
if(opt.trust_model != TM_CLASSIC
|
if(opt.trust_model != TM_CLASSIC
|
||||||
&& opt.trust_model != TM_PGP
|
&& opt.trust_model != TM_PGP
|
||||||
|
&& opt.trust_model != TM_TOFU_PGP
|
||||||
|
&& opt.trust_model != TM_TOFU
|
||||||
&& opt.trust_model != TM_EXTERNAL)
|
&& opt.trust_model != TM_EXTERNAL)
|
||||||
{
|
{
|
||||||
log_info(_("unable to use unknown trust model (%d) - "
|
log_info(_("unable to use unknown trust model (%d) - "
|
||||||
@ -472,7 +474,8 @@ init_trustdb ()
|
|||||||
log_info(_("using %s trust model\n"),trust_model_string());
|
log_info(_("using %s trust model\n"),trust_model_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
|
||||||
|
|| opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
|
||||||
{
|
{
|
||||||
/* Verify the list of ultimately trusted keys and move the
|
/* Verify the list of ultimately trusted keys and move the
|
||||||
--trusted-keys list there as well. */
|
--trusted-keys list there as well. */
|
||||||
@ -494,7 +497,8 @@ void
|
|||||||
check_trustdb ()
|
check_trustdb ()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
||||||
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
|
||||||
{
|
{
|
||||||
if (opt.batch && !opt.answer_yes)
|
if (opt.batch && !opt.answer_yes)
|
||||||
{
|
{
|
||||||
@ -530,7 +534,8 @@ void
|
|||||||
update_trustdb()
|
update_trustdb()
|
||||||
{
|
{
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
|
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
||||||
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
|
||||||
validate_keys (1);
|
validate_keys (1);
|
||||||
else
|
else
|
||||||
log_info (_("no need for a trustdb update with '%s' trust model\n"),
|
log_info (_("no need for a trustdb update with '%s' trust model\n"),
|
||||||
@ -946,7 +951,8 @@ tdb_check_trustdb_stale (void)
|
|||||||
return; /* No trustdb => can't be stale. */
|
return; /* No trustdb => can't be stale. */
|
||||||
|
|
||||||
if (!did_nextcheck
|
if (!did_nextcheck
|
||||||
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
|
&& (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|
||||||
|
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
|
||||||
{
|
{
|
||||||
ulong scheduled;
|
ulong scheduled;
|
||||||
|
|
||||||
@ -1938,6 +1944,11 @@ validate_keys (int interactive)
|
|||||||
do_sync ();
|
do_sync ();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (opt.trust_model == TM_TOFU)
|
||||||
|
/* In the TOFU trust model, we only need to save the ultimately
|
||||||
|
trusted keys. */
|
||||||
|
goto leave;
|
||||||
|
|
||||||
klist = utk_list;
|
klist = utk_list;
|
||||||
|
|
||||||
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
|
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
|
||||||
|
Loading…
x
Reference in New Issue
Block a user