mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-09 21:28:51 +01:00
d0bd91ba73
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here. Implement --no-user-trustlist. Also
repalce "allow_include" by "systrust" and adjust callers.
--
With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt. However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.
The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.
GnuPG-bug-id: 5990
Backported-from-master:
|
||
|---|---|---|
| .. | ||
| agent.h | ||
| all-tests.scm | ||
| cache.c | ||
| call-pinentry.c | ||
| call-scd.c | ||
| ChangeLog-2011 | ||
| command-ssh.c | ||
| command.c | ||
| cvt-openpgp.c | ||
| cvt-openpgp.h | ||
| divert-scd.c | ||
| findkey.c | ||
| genkey.c | ||
| gpg-agent-w32info.rc | ||
| gpg-agent.c | ||
| gpg-agent.w32-manifest.in | ||
| keyformat.txt | ||
| learncard.c | ||
| Makefile.am | ||
| pkdecrypt.c | ||
| pksign.c | ||
| preset-passphrase.c | ||
| protect-tool.c | ||
| protect.c | ||
| t-protect.c | ||
| trans.c | ||
| trustlist.c | ||
| w32main.c | ||
| w32main.h | ||