1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

148 Commits

Author SHA1 Message Date
Werner Koch
a1cdf3c75f Converted all m_free to xfree etc. 2005-07-27 18:10:56 +00:00
David Shaw
8238e7698b * trustdb.c (clean_uids_from_key): Don't keep a valid selfsig around
when compacting a uid.  There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.

* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.

* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed).  This allows
importing compacted uids.
2005-07-09 02:34:04 +00:00
David Shaw
07e9d532b1 * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing.  Like import-clean-sigs, this may nodify the local keyring.

* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
2005-06-14 03:55:19 +00:00
David Shaw
045433e35c * options.h, export.c (do_export_stream), keyedit.c (keyedit_menu,
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function.  It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
2005-06-10 03:00:57 +00:00
David Shaw
31522bac1d * keydb.h, kbnode.c (undelete_kbnode): New function to undelete a
kbnode.

* trustdb.c (clean_uids_from_key): Further tweak the algorithm so that
the last good selfsig is kept when the chosen selfsig is a revocation.
2005-06-10 02:52:41 +00:00
David Shaw
475107dff3 * trustdb.c (clean_uids_from_key), keyedit.c
(menu_clean_uids_from_key): Tweak algorithm to preserve the last
selfsig which helps prevent uid resurrections.
2005-06-09 02:53:18 +00:00
David Shaw
db8adc2880 * keyedit.c (menu_clean_uids_from_key, menu_clean_subkeys_from_key),
trustdb.c (clean_uids_from_key, clean_subkeys_from_key): Fix mingw32 build
warnings.  Noted by Joe Vender.
2005-05-31 19:12:10 +00:00
Werner Koch
7d4043ca57 Updated FSF street address and preparations for a release candidate. 2005-05-31 08:39:18 +00:00
David Shaw
0a9827ca07 * trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk through
the subkeys on a key, and mark any that aren't usable for deletion.
Note that a signing subkey is never marked for deletion since these
keys are still useful after expiration or revocation.

* keyedit.c (menu_clean_subkeys_from_key): New function to call
clean_subkeys_from_key() on a key.  Note that the strings here are not
marked for translation yet.  The UI is still in flux, and there is no
point in annoying the translators twice.  (keyedit_menu): Call it here
as part of the "clean" command.
2005-05-31 03:59:24 +00:00
David Shaw
acac94aa90 * trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through the
user IDs on a key, and mark any that aren't valid for deletion.

* keyedit.c (menu_clean_uids_from_key): New function to call
clean_uids_from_key() on a key.  (keyedit_menu): Call it from here as
part of the "clean" command.
2005-05-30 03:43:30 +00:00
David Shaw
f02fe1dafb * trustdb.h, trustdb.c (mark_usable_uid_certs): Add flags for the
no-pubkey and chosen revocation cases.  (clean_uid): New function to
clean a user ID of unusable (as defined by mark_usable_uid_certs)
certs.

* keyedit.c (keyedit_menu, menu_clean_uids): Call it here for new
"clean" command that removes unusable sigs from a key.
2005-04-24 18:35:30 +00:00
David Shaw
2dbfc709ad * trustdb.h, trustdb.c (trustdb_check_or_update): New. If the trustdb
is dirty and --interactive is set, do an --update-trustdb.  If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.

* import.c (import_keys_internal): Moved from here.

* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end.  This is Debian bug
#293816, noted by Kurt Roeckx.
2005-02-06 17:38:43 +00:00
David Shaw
7a388529a3 * apdu.c (apdu_send_le, apdu_send_direct), keylist.c
(status_one_subpacket, print_one_subpacket): Fix some compiler warnings.

* g10.c (main): Fix --compression-algo to take a string argument like
--compress-algo.

* trustdb.c (uid_trust_string_fixed): For safety, check for a pk.
2004-12-15 05:16:53 +00:00
David Shaw
7dd3fe2a79 * trustdb.c (uid_trust_string_fixed): Show uids as revoked if the key is
revoked.

* keyedit.c (show_key_with_all_names): Don't show validity for secret key
UIDs.

* keyedit.c (parse_sign_type): New.  Figure out the flags (local,
nonrevoke, trust) for a signature. (keyedit_menu): Call it here so we can
mix and match flags, and don't need "nrltsign", "ltsign", "tnrsign", etc,
etc, etc.
2004-12-14 14:42:41 +00:00
David Shaw
bf5d013bc8 * options.h, g10.c (main), textfilter.c (standard): Use --rfc2440 or
--openpgp directly to determine the end of line hashing rule.

* trustdb.c (uid_trust_string_fixed): Show uids as expired if the key is
expired.
2004-12-11 04:47:33 +00:00
David Shaw
3d165c4ecf * trustdb.c (uid_trust_string_fixed): Use a string that can be atoi-ed,
but also has a comment for the translator.
2004-11-25 03:48:34 +00:00
David Shaw
04b715e4da * trustdb.h, trustdb.c (uid_trust_string_fixed): New. Return a fixed-size
translatable string similar to trust_value_to_string. This allows for
easier lining up of displays.

* keyedit.c (show_key_with_all_names), keylist.c (list_keyblock_print):
Use it here to print validity strings.

* gpgv.c: Stub.
2004-11-24 05:25:03 +00:00
David Shaw
9a4dc13d5e * pkclist.c (do_edit_ownertrust): Different prompt when we're using direct
trust since the meaning is different.

* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.

* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.

* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
2004-10-13 15:34:52 +00:00
David Shaw
bf079613b7 * pkclist.c (do_edit_ownertrust): Use the same translated string for
showing the user ID as mainproc.c:print_pkenc_list.

* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.

* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.

* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
2004-10-11 21:08:37 +00:00
Werner Koch
3624da002f some late minor fixes. 2004-05-22 11:33:47 +00:00
David Shaw
36a5e54e54 * trustdb.c (update_min_ownertrust, validate_keys): Do not use keystr
functions in log_debug.

* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.

* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify.  Also use the proper date string when prompting for confirmation.

* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
2004-03-19 23:15:27 +00:00
David Shaw
f16d78e14d * trustdb.c (add_utk, verify_own_keys, update_min_ownertrust,
get_validity, ask_ownertrust, validate_keys): --keyid-format conversion.
2004-03-15 23:15:57 +00:00
David Shaw
a84fe549da * plaintext.c: Copyright.
* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
2004-02-24 23:37:18 +00:00
David Shaw
643665c963 * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.
2004-02-23 04:00:51 +00:00
David Shaw
c8ab1bd127 * trustdb.c (reset_trust_records): New, faster, implementation that
doesn't involve a keyring scan. (clear_validity): Removed.
2004-01-21 03:19:13 +00:00
David Shaw
0fb284ac24 * g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.

* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb.  Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
2004-01-20 16:09:38 +00:00
David Shaw
3c0eb7790b * trustdb.c (validate_keys): Reset the trustdb before checking if we have
any ultimately trusted keys.  This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations.  Noted by Peter Palfrader.

* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.

* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
2003-11-30 00:33:27 +00:00
David Shaw
c47ec46526 * options.h, trustdb.c (trust_model_string, init_trustdb): Add support for
"external" trust model, where the user can provide a pregenerated trustdb.

* keyedit.c (keyedit_menu): Do not allow editing ownertrust with an
external trust model trustdb.
2003-11-15 00:19:49 +00:00
David Shaw
5c37fd90bf * trustdb.h, trustdb.c (register_trusted_keyid): New. Adds a keyid to the
list of ultimately trusted keys.

* keygen.c (do_generate_keypair): Use it here so that the ultimate
ownertrust happens before the trustdb (might be) rebuilt.  Also fix an
error where the newly generated pk is thought to be a subkey by the
trustdb.

* g10.c (main): Fix --export-all do actually do something different than
--export.

* pkclist.c (build_pk_list): Show all recipients rather than showing each
recipient as they are added.

* mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of the number
of passphrases that can decrypt a symmetric or mixed symmetric/pk message
and include it in the list of keys shown to the user.
2003-11-01 01:13:16 +00:00
David Shaw
52100b459a * gpgv.c (check_trustdb_stale): Stub.
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.

* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more.  Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.

* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
2003-09-30 15:30:39 +00:00
David Shaw
97dcb84cce * sign.c (mk_notation_policy_etc): Capitalize "URL".
* trustdb.c (validate_keys): Give a little more information while
rebuilding trustdb.

* pkclist.c (do_edit_ownertrust): Clarify "don't know".

* g10.c (main): Default to --no-mangle-dos-filenames.
2003-09-24 03:48:55 +00:00
David Shaw
4ccd51cb50 * keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): Expand
the skipfnc to include a pointer to the user ID that matched.

* getkey.c (skip_disabled): Rename to skip_unusable, and add checks for
expired or revoked user IDs.
2003-09-23 23:14:03 +00:00
David Shaw
fbdee01db9 * keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.

* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.

* trustdb.h, trustdb.c (read_trust_options): New.  Returns items from the
trustdb version record.

* keylist.c (public_key_list): Use it here for the new "tru" record.

* gpgv.c (read_trust_options): Stub.
2003-07-21 23:19:15 +00:00
David Shaw
f4617d97b8 * parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Makefile.am: Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Dito.
2003-07-10 14:30:07 +00:00
David Shaw
2e821d77f7 * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy.  Cache the result of the check so we don't
need to hit the trustdb more than once.

* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.

* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.

* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.

* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.

* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.

* exec.h, photoid.h: Add copyright message.

* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings.  This is for
consistency with --show-photos.

* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.

* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options.  This is the same as --no-XXXX for those options.

* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question.  This is bug 153.

* keyedit.c (sign_uids): Show keyid of the key making the signature.
2003-05-21 16:42:22 +00:00
David Shaw
f861b6488e * tdbio.c (create_version_record): Only create new trustdbs with
TM_CLASSIC or TM_PGP.

* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string for
naming consistency.

* trustdb.h, trustdb.c (string_to_trust_value): New function to translate
a string to a trust value.

* g10.c (main): Use string_to_trust_value here for --force-ownertrust.

* options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb,
check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An
"OpenPGP" trust model is misleading since there is no official OpenPGP
trust model.  Use "PGP" instead.
2003-05-01 21:37:08 +00:00
David Shaw
1fc1d26083 * build-packet.c (build_sig_subpkt): Comments.
* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.

* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.

* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.

* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.

* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).
2003-04-30 05:33:52 +00:00
David Shaw
9f6fa94486 * g10.c (main): Add --no-textmode.
* export.c (do_export_stream), keyedit.c (show_key_with_all_names,
menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
(show_photos), sign.c (mk_notation_and_policy), trustdb.c (get_validity,
reset_trust_records, validate_keys): Make some strings translatable.

* mainproc.c (check_sig_and_print): Show digest algorithm and sig class
when verifying a sig with --verbose on, and add version, pk and hash
algorithms and sig class to VALIDSIG.

* parse-packet.c (enum_sig_subpkt): Make a warning message a --verbose
warning message since we don't need to warn every time we see an unknown
critical (we only need to invalidate the signature).

* trustdb.c (init_trustdb): Check the trustdb options even with TM_AUTO
since the auto may become TM_CLASSIC or TM_OPENPGP.
2003-04-27 20:22:09 +00:00
David Shaw
a01bda6abd * sign.c (do_sign): Show the hash used when making a signature in verbose
mode.

* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.

* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.
2003-04-26 20:38:16 +00:00
David Shaw
d2548b3f60 * keydb.h: Err on the side of making an unknown signature a SIG rather
than a CERT.

* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)

* g10.c (main): Add deprecated option warning for --list-ownertrust.  Add
--compression-algo alias for --compress-algo.  Change --version output
strings to match "showpref" strings, and make translatable.

* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.

* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)

* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.
2003-03-24 20:05:53 +00:00
David Shaw
909f6a0637 * trustdb.c (validate_keys): Mask the ownertrust when building the list of
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.

* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations.  Fix cosmetic off-by-one length counter.

* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".

* mainproc.c (proc_encrypted): Make string translatable.

* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.

* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.

* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.

* keyedit.c (show_prefs): Make strings translatable.

* keydb.c: Double the maximum number of keyrings to 40.

* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.

* g10.c (main): --openpgp disables --pgpX.  Double the amount of secure
memory to 32k (keys are getting bigger these days).

* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-03-04 15:24:12 +00:00
David Shaw
b7ea66ef37 * trustdb.c (init_trustdb, get_validity): Don't use a changed trust model
to indicate a dirty trustdb, and never auto-rebuild a dirty trustdb with
the "always" trust model.

* g10.c (add_group): Last commit missed the \t ;)
2003-01-15 17:07:54 +00:00
David Shaw
773513c70b * packet.h, parse-packet.c (setup_user_id), free-packet.c (free_user_id),
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.

* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids.  Show
dates for creation (selfsig date), and expiration in fields 6 and 7.

* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.
2003-01-14 18:13:22 +00:00
David Shaw
7a5c4d215c * trustdb.c (get_validity_info, get_ownertrust_info, trust_letter):
Simplify by returning a ? for error directly.

* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').

* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.

* trustdb.c (get_ownertrust_with_min): New.  Same as 'get_ownertrust' but
takes the min_ownertrust value into account.
2003-01-11 21:13:41 +00:00
David Shaw
8b3b70499a * armor.c (armor_filter): Comment about PGP's end of line tab problem.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.

* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.

* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
2003-01-11 03:57:00 +00:00
David Shaw
7b278538c7 * trustdb.c (get_validity_info): 'd' for disabled is not a validity value
any more.
2003-01-07 00:06:02 +00:00
David Shaw
af6e3ef045 * packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.
2003-01-06 22:56:08 +00:00
David Shaw
c974390d37 * keylist.c (print_capabilities): Show 'D' for disabled keys in
capabilities section.

* trustdb.c (is_disabled): Remove incorrect comment.
2003-01-06 21:01:44 +00:00
David Shaw
f3f1015f6a * keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
2002-12-26 22:22:50 +00:00
David Shaw
6a4bd944a8 * pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.
2002-12-13 21:10:53 +00:00