security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

agent: New option --no-user-trustlist and --sys-trustlist-name.

Browse source 
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.  Also
repalce "allow_include" by "systrust" and adjust callers.
--

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt.  However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

GnuPG-bug-id: 5990
Backported-from-master: 1530d04725
This commit is contained in:
Werner Koch 2022-06-14 14:25:21 +02:00
parent abe69b2094
commit d0bd91ba73
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 77 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

19
doc/gpg-agent.texi
View file

@ -366,6 +366,21 @@ Do not allow clients to mark keys as trusted, i.e. put them into the
@file{trustlist.txt} file. This makes it harder for users to inadvertently
accept Root-CA keys.
@anchor{option --no-user-trustlist}
@item --no-user-trustlist
@opindex no-user-trustlist
Entirely ignore the user trust list and consider only the global
trustlist (@file{@value{SYSCONFDIR}/trustlist.txt}). This
implies the @ref{option --no-allow-mark-trusted}.
@item --sys-trustlist-name @var{file}
@opindex sys-trustlist-name
Changes the default name for the global trustlist from "trustlist.txt"
to @var{file}. If @var{file} does not contain any slashes and does
not start with "~/" it is searched in the system configuration
directory (@file{@value{SYSCONFDIR}}).
@anchor{option --allow-preset-passphrase}
@item --allow-preset-passphrase
@opindex allow-preset-passphrase
@ -794,7 +809,9 @@ that this file can't be changed inadvertently.
As a special feature a line @code{include-default} will include a global
list of trusted certificates (e.g. @file{@value{SYSCONFDIR}/trustlist.txt}).
This global list is also used if the local list is not available.
This global list is also used if the local list is not available;
the @ref{option --no-user-trustlist} enforces the use of only
this global list.
It is possible to add further flags after the @code{S} for use by the
caller: