[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.15-2-g2528178
by Werner Koch
cvs at cvs.gnupg.org
Fri Oct 11 09:48:56 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 2528178e7e2fac6454dd988121167305db7c71d9 (commit)
from 0a10f1f91e487d917b6141a4c16e24235a26f311 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2528178e7e2fac6454dd988121167305db7c71d9
Author: Werner Koch <wk at gnupg.org>
Date: Fri Oct 11 09:25:58 2013 +0200
gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--
This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used. It just does
not make sense to create a trustdb if there is no need for it.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)
Resolved conflicts:
g10/gpg.c
g10/tdbio.h
g10/trustdb.c
(indentation fixes)
diff --git a/NEWS b/NEWS
index ca4bfca..ad3471e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
Noteworthy changes in version 1.4.16 (unreleased)
-------------------------------------------------
+ * Do not create a trustdb file if --trust-model=always is used.
+
Noteworthy changes in version 1.4.15 (2013-10-04)
-------------------------------------------------
diff --git a/g10/gpg.c b/g10/gpg.c
index b310308..ca120ab 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3318,14 +3318,12 @@ main (int argc, char **argv )
case aFixTrustDB:
case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
- case aEncr:
- case aEncrFiles:
- /* No need to create the trust model if we are using the
+ default:
+ /* No need to create the trust model if we are using the
* always trust model. */
rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
break;
- default: rc = setup_trustdb(1, trustdb_name ); break;
- }
+ }
if( rc )
log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 4f02ff9..f109dde 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -471,7 +471,7 @@ create_version_record (void)
int
-tdbio_set_dbname( const char *new_dbname, int create )
+tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
{
char *fname;
static int initialized = 0;
@@ -481,6 +481,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
initialized = 1;
}
+ *r_nofile = 0;
+
if(new_dbname==NULL)
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
else if (*new_dbname != DIRSEP_C )
@@ -499,7 +501,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
xfree(fname);
return G10ERR_TRUSTDB;
}
- if( create ) {
+ if (!create)
+ *r_nofile = 1;
+ else {
FILE *fp;
TRUSTREC rec;
int rc;
diff --git a/g10/tdbio.h b/g10/tdbio.h
index 39e8cba..dd6e9d3 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -90,7 +90,7 @@ typedef struct trust_record TRUSTREC;
/*-- tdbio.c --*/
int tdbio_update_version_record(void);
-int tdbio_set_dbname( const char *new_dbname, int create );
+int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 24d675b..0bf92e4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -48,7 +48,7 @@
/*
* A structure to store key identification as well as some stuff needed
- * for validation
+ * for validation
*/
struct key_item {
struct key_item *next;
@@ -64,7 +64,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
* Structure to keep track of keys, this is used as an array wherre
- * the item right after the last one has a keyblock set to NULL.
+ * the item right after the last one has a keyblock set to NULL.
* Maybe we can drop this thing and replace it by key_item
*/
struct key_array {
@@ -77,6 +77,7 @@ static struct {
int init;
int level;
char *dbname;
+ int no_trustdb; /* Set if a trustdb file is not available. */
} trustdb_args;
/* some globals */
@@ -96,7 +97,7 @@ static struct key_item *
new_key_item (void)
{
struct key_item *k;
-
+
k = xmalloc_clear (sizeof *k);
return k;
}
@@ -118,11 +119,11 @@ release_key_items (struct key_item *k)
* For fast keylook up we need a hash table. Each byte of a KeyIDs
* should be distributed equally over the 256 possible values (except
* for v3 keyIDs but we consider them as not important here). So we
- * can just use 10 bits to index a table of 1024 key items.
+ * can just use 10 bits to index a table of 1024 key items.
* Possible optimization: Don not use key_items but other hash_table when the
- * duplicates lists gets too large.
+ * duplicates lists gets too large.
*/
-static KeyHashTable
+static KeyHashTable
new_key_hash_table (void)
{
struct key_item **tbl;
@@ -143,7 +144,7 @@ release_key_hash_table (KeyHashTable tbl)
xfree (tbl);
}
-/*
+/*
* Returns: True if the keyID is in the given hash table
*/
static int
@@ -168,7 +169,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
return; /* already in table */
-
+
kk = new_key_item ();
kk->kid[0] = kid[0];
kk->kid[1] = kid[1];
@@ -238,7 +239,7 @@ add_utk (u32 *kid)
{
struct key_item *k;
- for (k = utk_list; k; k = k->next)
+ for (k = utk_list; k; k = k->next)
{
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
{
@@ -273,15 +274,15 @@ verify_own_keys(void)
return;
/* scan the trustdb to find all ultimately trusted keys */
- for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
{
- if ( rec.rectype == RECTYPE_TRUST
+ if ( rec.rectype == RECTYPE_TRUST
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
{
byte *fpr = rec.r.trust.fingerprint;
int fprlen;
u32 kid[2];
-
+
/* Problem: We do only use fingerprints in the trustdb but
* we need the keyID here to indetify the key; we can only
* use that ugly hack to distinguish between 16 and 20
@@ -297,9 +298,9 @@ verify_own_keys(void)
}
/* Put any --trusted-key keys into the trustdb */
- for (k = user_utk_list; k; k = k->next)
+ for (k = user_utk_list; k; k = k->next)
{
- if ( add_utk (k->kid) )
+ if ( add_utk (k->kid) )
{ /* not yet in trustDB as ultimately trusted */
PKT_public_key pk;
@@ -445,7 +446,7 @@ init_trustdb()
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level );
+ int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
if( rc )
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
}
@@ -496,7 +497,7 @@ init_trustdb()
static int
trust_letter (unsigned int value)
{
- switch( (value & TRUST_MASK) )
+ switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return '-';
case TRUST_EXPIRED: return 'e';
@@ -545,7 +546,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
const char *
trust_value_to_string (unsigned int value)
{
- switch( (value & TRUST_MASK) )
+ switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return _("unknown");
case TRUST_EXPIRED: return _("expired");
@@ -614,7 +615,7 @@ check_trustdb ()
/*
- * Recreate the WoT.
+ * Recreate the WoT.
*/
void
update_trustdb()
@@ -631,6 +632,9 @@ void
revalidation_mark (void)
{
init_trustdb();
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
/* we simply set the time for the next check to 1 (far back in 1970)
* so that a --update-trustdb will be scheduled */
if (tdbio_write_nextcheck (1))
@@ -666,8 +670,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
TRUSTREC opts;
init_trustdb();
-
- read_record(0,&opts,RECTYPE_VER);
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ memset (&opts, 0, sizeof opts);
+ else
+ read_record(0,&opts,RECTYPE_VER);
if(trust_model)
*trust_model=opts.r.ver.trust_model;
@@ -689,29 +695,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
*********** Ownertrust et al. ****************
***********************************************/
-static int
+static int
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
-
+
init_trustdb();
rc = tdbio_search_trust_bypk (pk, rec);
if (rc == -1)
return -1; /* no record yet */
- if (rc)
+ if (rc)
{
log_error ("trustdb: searching trust record failed: %s\n",
g10_errstr (rc));
- return rc;
+ return rc;
}
-
+
if (rec->rectype != RECTYPE_TRUST)
{
log_error ("trustdb: record %lu is not a trust record\n",
rec->recnum);
- return G10ERR_TRUSTDB;
- }
-
+ return G10ERR_TRUSTDB;
+ }
+
return 0;
}
@@ -719,16 +725,19 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* Return the assigned ownertrust value for the given public key.
* The key should be the primary key.
*/
-unsigned int
+unsigned int
get_ownertrust ( PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
- if (rc)
+ if (rc)
{
tdbio_invalid ();
return rc; /* actually never reached */
@@ -737,16 +746,19 @@ get_ownertrust ( PKT_public_key *pk)
return rec.r.trust.ownertrust;
}
-unsigned int
+unsigned int
get_min_ownertrust (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
- if (rc)
+ if (rc)
{
tdbio_invalid ();
return rc; /* actually never reached */
@@ -809,7 +821,10 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
rc = read_trust_record (pk, &rec);
if (!rc)
{
@@ -841,7 +856,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
do_sync ();
rc = 0;
}
- else
+ else
{
tdbio_invalid ();
}
@@ -854,6 +869,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
TRUSTREC rec;
int rc;
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid);
if (rc)
@@ -895,7 +913,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
do_sync ();
rc = 0;
}
- else
+ else
{
tdbio_invalid ();
}
@@ -908,7 +926,10 @@ clear_ownertrusts (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return 0;
+
rc = read_trust_record (pk, &rec);
if (!rc)
{
@@ -936,8 +957,8 @@ clear_ownertrusts (PKT_public_key *pk)
return 0;
}
-/*
- * Note: Caller has to do a sync
+/*
+ * Note: Caller has to do a sync
*/
static void
update_validity (PKT_public_key *pk, PKT_user_id *uid,
@@ -956,7 +977,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
return;
}
if (rc == -1) /* no record yet - create a new one */
- {
+ {
size_t dummy;
rc = 0;
@@ -1011,6 +1032,8 @@ cache_disabled_value(PKT_public_key *pk)
return (pk->is_disabled==2);
init_trustdb();
+ if (trustdb_args.no_trustdb)
+ return 0; /* No trustdb => not disabled. */
rc = read_trust_record (pk, &trec);
if (rc && rc != -1)
@@ -1020,10 +1043,10 @@ cache_disabled_value(PKT_public_key *pk)
}
if (rc == -1) /* no record found, so assume not disabled */
goto leave;
-
+
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
disabled=1;
-
+
/* Cache it for later so we don't need to look at the trustdb every
time */
if(disabled)
@@ -1041,6 +1064,9 @@ check_trustdb_stale(void)
static int did_nextcheck=0;
init_trustdb ();
+ if (trustdb_args.no_trustdb)
+ return; /* No trustdb => can't be stale. */
+
if (!did_nextcheck
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
{
@@ -1051,7 +1077,7 @@ check_trustdb_stale(void)
if ((scheduled && scheduled <= make_timestamp ())
|| pending_check_trustdb)
{
- if (opt.no_auto_check_trustdb)
+ if (opt.no_auto_check_trustdb)
{
pending_check_trustdb = 1;
log_info (_("please do a --check-trustdb\n"));
@@ -1068,7 +1094,7 @@ check_trustdb_stale(void)
/*
* Return the validity information for PK. If the namehash is not
* NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned.
+ * otherwise, a reasonable value for the entire key is returned.
*/
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid)
@@ -1084,6 +1110,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
namehash_from_uid(uid);
init_trustdb ();
+
+ /* If we have no trustdb (which also means it has not been created)
+ and the trust-model is always, we don't know the validity -
+ return immediately. If we won't do that the tdbio code would try
+ to open the trustdb and run into a fatal error. */
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
check_trustdb_stale();
keyid_from_pk (pk, kid);
@@ -1097,7 +1131,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr(kid), g10_errstr(rc));
xfree(tempkeystr);
- validity = TRUST_UNKNOWN;
+ validity = TRUST_UNKNOWN;
goto leave;
}
}
@@ -1120,7 +1154,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
}
if (rc == -1) /* no record found */
{
- validity = TRUST_UNKNOWN;
+ validity = TRUST_UNKNOWN;
goto leave;
}
@@ -1153,7 +1187,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
recno = vrec.r.valid.next;
}
-
+
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
{
validity |= TRUST_FLAG_DISABLED;
@@ -1172,7 +1206,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
* I initially designed it that way */
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-
+
if (pending_check_trustdb)
validity |= TRUST_FLAG_PENDING_CHECK;
@@ -1307,7 +1341,7 @@ ask_ownertrust (u32 *kid,int minimum)
keystr(kid), g10_errstr(rc) );
return TRUST_UNKNOWN;
}
-
+
if(opt.force_ownertrust)
{
log_info("force trust for key %s to %s\n",
@@ -1380,7 +1414,7 @@ dump_key_array (int depth, struct key_array *keys)
}
}
}
-}
+}
static void
@@ -1403,7 +1437,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
status = TRUST_UNDEFINED;
else
status = 0;
-
+
if (status)
{
update_validity (keyblock->pkt->pkt.public_key,
@@ -1418,7 +1452,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
if (any)
do_sync ();
-}
+}
/*
* check whether the signature sig is in the klist k
@@ -1450,7 +1484,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
{
KBNODE node;
PKT_signature *sig;
-
+
/* first check all signatures */
for (node=uidnode->next; node; node = node->next)
{
@@ -1483,7 +1517,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
continue;
}
node->flag |= 1<<9;
- }
+ }
/* reset the remaining flags */
for (; node; node = node->next)
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
@@ -1531,7 +1565,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
older: if signode was older then we don't want to take n
as signode is nonrevocable. If n was older then we're
automatically fine. */
-
+
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1547,7 +1581,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
n was older then we don't want to take signode as n is
nonrevocable. If signode was older then we're
automatically fine. */
-
+
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1578,7 +1612,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
sig = signode->pkt->pkt.signature;
if (IS_UID_SIG (sig))
- { /* this seems to be a usable one which is not revoked.
+ { /* this seems to be a usable one which is not revoked.
* Just need to check whether there is an expiration time,
* We do the expired certification after finding a suitable
* certification, the assumption is that a signator does not
@@ -1587,7 +1621,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
* different expiration time */
const byte *p;
u32 expire;
-
+
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
@@ -1674,7 +1708,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
delete_kbnode(node);
deleted++;
}
-
+
return deleted;
}
@@ -1931,7 +1965,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
if (uid->help_full_count >= opt.completes_needed
|| uid->help_marginal_count >= opt.marginals_needed )
- uidnode->flag |= 4;
+ uidnode->flag |= 4;
else if (uid->help_full_count || uid->help_marginal_count)
uidnode->flag |= 2;
uidnode->flag |= 1;
@@ -1946,7 +1980,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
issigned = 0;
get_validity_counts(pk,uid);
- mark_usable_uid_certs (kb, uidnode, main_kid, klist,
+ mark_usable_uid_certs (kb, uidnode, main_kid, klist,
curtime, next_expire);
}
else if (node->pkt->pkttype == PKT_SIGNATURE
@@ -1954,7 +1988,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
/* Note that we are only seeing unrevoked sigs here */
PKT_signature *sig = node->pkt->pkt.signature;
-
+
kr = is_in_klist (klist, sig);
/* If the trust_regexp does not match, it's as if the sig
did not exist. This is safe for non-trust sigs as well
@@ -2047,7 +2081,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
if (uid->help_full_count >= opt.completes_needed
|| uid->help_marginal_count >= opt.marginals_needed )
- uidnode->flag |= 4;
+ uidnode->flag |= 4;
else if (uid->help_full_count || uid->help_marginal_count)
uidnode->flag |= 2;
uidnode->flag |= 1;
@@ -2070,7 +2104,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
* kllist. The caller has to pass keydb handle so that we don't use
* to create our own. Returns either a key_array or NULL in case of
* an error. No results found are indicated by an empty array.
- * Caller hast to release the returned array.
+ * Caller hast to release the returned array.
*/
static struct key_array *
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
@@ -2081,11 +2115,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
size_t nkeys, maxkeys;
int rc;
KEYDB_SEARCH_DESC desc;
-
+
maxkeys = 1000;
keys = xmalloc ((maxkeys+1) * sizeof *keys);
nkeys = 0;
-
+
rc = keydb_search_reset (hd);
if (rc)
{
@@ -2110,21 +2144,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
xfree (keys);
return NULL;
}
-
+
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
do
{
PKT_public_key *pk;
-
+
rc = keydb_get_keyblock (hd, &keyblock);
- if (rc)
+ if (rc)
{
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
xfree (keys);
return NULL;
}
-
- if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
{
log_debug ("ooops: invalid pkttype %d encountered\n",
keyblock->pkt->pkttype);
@@ -2134,7 +2168,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
}
/* prepare the keyblock for further processing */
- merge_keys_and_selfsig (keyblock);
+ merge_keys_and_selfsig (keyblock);
clear_kbnode_flags (keyblock);
pk = keyblock->pkt->pkt.public_key;
if (pk->has_expired || pk->is_revoked)
@@ -2171,9 +2205,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
release_kbnode (keyblock);
keyblock = NULL;
- }
+ }
while ( !(rc = keydb_search (hd, &desc, 1)) );
- if (rc && rc != -1)
+ if (rc && rc != -1)
{
log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
xfree (keys);
@@ -2182,7 +2216,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
keys[nkeys].keyblock = NULL;
return keys;
-}
+}
/* Caller must sync */
static void
@@ -2192,7 +2226,7 @@ reset_trust_records(void)
ulong recnum;
int count = 0, nreset = 0;
- for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
{
if(rec.rectype==RECTYPE_TRUST)
{
@@ -2231,7 +2265,7 @@ reset_trust_records(void)
* Step 2: loop max_cert_times
* Step 3: if OWNERTRUST of any key in klist is undefined
* ask user to assign ownertrust
- * Step 4: Loop over all keys in the keyDB which are not marked seen
+ * Step 4: Loop over all keys in the keyDB which are not marked seen
* Step 5: if key is revoked or expired
* mark key as seen
* continue loop at Step 4
@@ -2243,7 +2277,7 @@ reset_trust_records(void)
* End Loop
* Step 8: Build a new klist from all fully trusted keys from step 6
* End Loop
- * Ready
+ * Ready
*
*/
static int
@@ -2313,7 +2347,7 @@ validate_keys (int interactive)
if ( pk->expiredate && pk->expiredate >= start_time
&& pk->expiredate < next_expire)
next_expire = pk->expiredate;
-
+
release_kbnode (keyblock);
do_sync ();
}
@@ -2389,7 +2423,7 @@ validate_keys (int interactive)
/* Find all keys which are signed by a key in kdlist */
keys = validate_key_list (kdb, full_trust, klist,
start_time, &next_expire);
- if (!keys)
+ if (!keys)
{
log_error ("validate_key_list failed\n");
rc = G10ERR_GENERAL;
@@ -2407,9 +2441,9 @@ validate_keys (int interactive)
store_validation_status (depth, kar->keyblock, stored);
log_info (_("depth: %d valid: %3d signed: %3d"
- " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
+ " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
depth, valids, key_count, ot_unknown, ot_undefined,
- ot_never, ot_marginal, ot_full, ot_ultimate );
+ ot_never, ot_marginal, ot_full, ot_ultimate );
/* Build a new kdlist from all fully valid keys in KEYS */
if (klist != utk_list)
@@ -2471,10 +2505,10 @@ validate_keys (int interactive)
if (!rc && !quit) /* mark trustDB as checked */
{
if (next_expire == 0xffffffff || next_expire < start_time )
- tdbio_write_nextcheck (0);
+ tdbio_write_nextcheck (0);
else
{
- tdbio_write_nextcheck (next_expire);
+ tdbio_write_nextcheck (next_expire);
log_info (_("next trustdb check due at %s\n"),
strtimestamp (next_expire));
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +
g10/gpg.c | 8 +--
g10/tdbio.c | 8 ++-
g10/tdbio.h | 2 +-
g10/trustdb.c | 204 +++++++++++++++++++++++++++++++++------------------------
5 files changed, 131 insertions(+), 93 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list