[git] GnuPG - branch, master, updated. gnupg-2.1.16-58-g7572d27

by Neal H. Walfield cvs at cvs.gnupg.org
Tue Dec 6 12:20:16 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7572d270fcda1614648c6f08d711d5096ffebbe6 (commit)
       via  6102099985c1b82b6c0bba0464c1f913cc673e96 (commit)
       via  db6d8cfdc118131f497596ef1ffc121949377754 (commit)
       via  17c717d7c92d9a52101fea7e396fc133322a8786 (commit)
       via  d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a (commit)
       via  bd9ebe1404c1395edd0e029023a9e780c90f6d73 (commit)
      from  41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7572d270fcda1614648c6f08d711d5096ffebbe6
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Dec 6 12:16:15 2016 +0100

    doc: Improve the text in the gpg manual
    
    * doc/gpg.texi: Improve the text.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9d51dcb..3f54fe2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -61,21 +61,24 @@
 @command{@gpgname} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It
 is a tool to provide digital encryption and signing services using the
 OpenPGP standard. @command{@gpgname} features complete key management and
-all bells and whistles you can expect from a decent OpenPGP
+all the bells and whistles you would expect from a full OpenPGP
 implementation.
 
+There are two main versions of GnuPG: GnuPG 1.x and GnuPG 2.x.  GnuPG
+2.x supports modern encryption algorithms and thus should be preferred
+over GnuPG 1.x.  You only need to use GnuPG 1.x if your platform
+doesn't support GnuPG 2.x, or you need support for some features that
+GnuPG 2.x has deprecated, e.g., decrypting data created with PGP-2
+keys.
+
 @ifclear gpgtwohack
-Note that this version of GnuPG features all modern algorithms and
-should thus be preferred over older GnuPG versions.  If you are
-looking for version 1 of GnuPG, you may find that version installed
-under the name @command{gpg1}.
+If you are looking for version 1 of GnuPG, you may find that version
+installed under the name @command{gpg1}.
 @end ifclear
 @ifset gpgtwohack
-In contrast to the standalone command gpg from GnuPG 1.x, which
-might be better suited for server and embedded platforms, the 2.x
-version is commonly installed under the name @command{@gpgname} and
-targeted to the desktop as it requires several other modules to be
-installed.
+In contrast to the standalone command @command{gpg} from GnuPG 1.x,
+the 2.x version is commonly installed under the name
+ at command{@gpgname}.
 @end ifset
 
 @manpause
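Review bot: The rewritten @ifset gpgtwohack paragraph drops the statement that the 2.x version "requires several other modules to be installed", and the new "two main versions" paragraph does not replace it. A reader choosing between 1.x and 2.x for a server or embedded platform loses that hint. Consider keeping one sentence about the extra components next to the PGP-2 example in the new paragraph.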
@@ -106,16 +109,18 @@ Developer information:
 @section Commands
 
 Commands are not distinguished from options except for the fact that
-only one command is allowed.
+only one command is allowed.  Generally speaking, irrelevant options
+are silently ignored, and may not be checked for correctness.
 
- at command{@gpgname} may be run with no commands, in which case it will
+ at command{@gpgname} may be run with no commands. In this case it will
 perform a reasonable action depending on the type of file it is given
 as input (an encrypted message is decrypted, a signature is verified,
-a file containing keys is listed).
+a file containing keys is listed, etc.).
 
-Please remember that option as well as command parsing stops as soon as
-a non-option is encountered, you can explicitly stop parsing by
-using the special option @option{--}.
+Please remember that option and command parsing stops as soon as a
+non-option is encountered.  Thus, options must precede the command.
+You can explicitly stop parsing by using the special option
+ at option{--}.
 
 
 @menu
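Review bot: The added sentence "Thus, options must precede the command" does not follow from the sentence before it, and it sits badly with the opening of this section, which says commands are not distinguished from options. If parsing stops at the first non-option, what has to come first is every option and the command, ahead of the file arguments; suggest "Thus, options and the command must precede any file names." The other addition, that irrelevant options "may not be checked for correctness", would benefit from one concrete case, since in scripts it means a mistyped option value can pass without any error.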
@@ -140,7 +145,7 @@ cannot abbreviate this command.
 @item --help
 @itemx -h
 @opindex help
-Print a usage message summarizing the most useful command line options.
+Print a usage message summarizing the most useful command-line options.
 Note that you cannot abbreviate this command.
 
 @item --warranty
@@ -166,22 +171,22 @@ abbreviate this command.
 @item --sign
 @itemx -s
 @opindex sign
-Make a signature. This command may be combined with @option{--encrypt}
-(for a signed and encrypted message), @option{--symmetric} (for a
-signed and symmetrically encrypted message), or @option{--encrypt} and
- at option{--symmetric} together (for a signed message that may be
-decrypted via a secret key or a passphrase).  The key to be used for
-signing is chosen by default or can be set with the
+Sign a message. This command may be combined with @option{--encrypt}
+(to sign and encrypt a message), @option{--symmetric} (to sign and
+symmetrically encrypt a message), or both @option{--encrypt} and
+ at option{--symmetric} (to sign and encrypt a message that can be
+decrypted using a secret key or a passphrase).  The signing key is
+chosen by default or can be set explicitly using the
 @option{--local-user} and @option{--default-key} options.
 
 @item --clearsign
 @opindex clearsign
-Make a clear text signature.  The content in a clear text signature is
+Make a cleartext signature.  The content in a cleartext signature is
 readable without any special software. OpenPGP software is only needed
-to verify the signature.  Clear text signatures may modify end-of-line
+to verify the signature.  cleartext signatures may modify end-of-line
 whitespace for platform independence and are not intended to be
-reversible.  The key to be used for signing is chosen by default or
-can be set with the @option{--local-user} and @option{--default-key}
+reversible.  The signing key is chosen by default or can be set
+explicitly using the @option{--local-user} and @option{--default-key}
 options.
 
 
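Review bot: In the --clearsign item the new line "to verify the signature.  cleartext signatures may modify end-of-line" starts a sentence with a lowercase "cleartext". The replacement of "Clear text" lost the capital; it should read "Cleartext signatures may modify ...".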
@@ -193,11 +198,11 @@ Make a detached signature.
 @item --encrypt
 @itemx -e
 @opindex encrypt
-Encrypt data. This command may be combined with @option{--sign} (for a
-signed and encrypted message), @option{--symmetric} (for a message that
-may be decrypted via a secret key or a passphrase), or @option{--sign}
-and @option{--symmetric} together (for a signed message that may be
-decrypted via a secret key or a passphrase).
+Encrypt data. This command may be combined with @option{--sign} (to
+sign and encrypt a message), @option{--symmetric} (to encrypt a
+message that can decrypted using a secret key or a passphrase), or
+ at option{--sign} and @option{--symmetric} together (for a signed
+message that can be decrypted using a secret key or a passphrase).
 
 @item --symmetric
 @itemx -c
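Review bot: The --symmetric parenthetical in the --encrypt item reads "message that can decrypted using a secret key or a passphrase"; the word "be" is missing ("can be decrypted"). The last clause also keeps the old "for a signed message that ..." form while the first two clauses were changed to "to sign and encrypt ..." and "to encrypt ...", and the matching clause under --sign in this same commit uses "to sign and encrypt a message that ...". Using that wording here would keep the two items parallel.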
@@ -223,32 +228,33 @@ is specified) and write it to STDOUT (or the file specified with
 @option{--output}). If the decrypted file is signed, the signature is also
 verified. This command differs from the default operation, as it never
 writes to the filename which is included in the file and it rejects
-files which don't begin with an encrypted message.
+files that don't begin with an encrypted message.
 
 @item --verify
 @opindex verify
 Assume that the first argument is a signed file and verify it without
 generating any output.  With no arguments, the signature packet is
-read from STDIN.  If only a one argument is given, it is expected to
-be a complete signature.
+read from STDIN.  If only one argument is given, the specified file is
+expected to include a complete signature.
 
-With more than 1 argument, the first should be a detached signature
-and the remaining files make up the the signed data. To read the signed
-data from STDIN, use @samp{-} as the second filename.  For security
-reasons a detached signature cannot read the signed material from
-STDIN without denoting it in the above way.
+With more than one argument, the first argument should specify a file
+with a detached signature and the remaining files should contain the
+signed data. To read the signed data from STDIN, use @samp{-} as the
+second filename.  For security reasons, a detached signature will not
+read the signed material from STDIN if not explicitly specified.
 
 Note: If the option @option{--batch} is not used, @command{@gpgname}
-may assume that a single argument is a file with a detached signature
+may assume that a single argument is a file with a detached signature,
 and it will try to find a matching data file by stripping certain
 suffixes.  Using this historical feature to verify a detached
-signature is strongly discouraged; always specify the data file too.
+signature is strongly discouraged; you should always specify the data file
+explicitly.
 
-Note: When verifying a cleartext signature, @command{gpg} verifies
+Note: When verifying a cleartext signature, @command{@gpgname} verifies
 only what makes up the cleartext signed data and not any extra data
-outside of the cleartext signature or header lines following directly
+outside of the cleartext signature or the header lines directly following
 the dash marker line.  The option @code{--output} may be used to write
-out the actual signed data; but there are other pitfalls with this
+out the actual signed data, but there are other pitfalls with this
 format as well.  It is suggested to avoid cleartext signatures in
 favor of detached signatures.
 
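Review bot: The new sentence "a detached signature will not read the signed material from STDIN if not explicitly specified" makes the signature the actor and leaves "explicitly specified" without an object. This is the security-relevant rule of the paragraph, so name the tool and the marker, for example "@command{@gpgname} will not read the signed material from STDIN unless @samp{-} is given as the second filename." The cleartext note further down still marks up --output with @code, while the top of this hunk uses @option{--output}.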
@@ -277,22 +283,23 @@ Identical to @option{--multifile --decrypt}.
 @itemx -k
 @itemx --list-public-keys
 @opindex list-keys
-List all keys from the public keyrings, or just the keys given on the
-command line.
+List the specified keys.  If no keys are specified, then all keys from
+the configured public keyrings are listed.
 
-Avoid using the output of this command in scripts or other programs as
-it is likely to change as GnuPG changes.  See @option{--with-colons}
-for a machine-parseable key listing command that is appropriate for
-use in scripts and other programs.  Never use the regular output for
-scripts --- it is only for human consumption.
+Never use the output of this command in scripts or other programs.
+The output is intended only for humans and its format is likely to
+change.  The @option{--with-colons} option emits the output in a
+stable, machine-parseable format, which is intended for use by scripts
+and other programs.
 
 @item --list-secret-keys
 @itemx -K
 @opindex list-secret-keys
-List all keys from the secret keyrings, or just the ones given on the
-command line. A @code{#} after the letters @code{sec} means that the
-secret key is not usable (for example, if it was created via
- at option{--export-secret-subkeys}).  See also @option{--list-keys}.
+List the specified secret keys.  If no keys are specified, then all
+known secret keys are listed.  A @code{#} after the letters @code{sec}
+means that the secret key is not usable (for example, if it was
+exported using @option{--export-secret-subkeys}).  See also
+ at option{--list-keys}.
 
 @item --list-sigs
 @opindex list-sigs
@@ -382,7 +389,7 @@ safeguard against accidental deletion of multiple keys.
 Remove key from the secret keyring. In batch mode the key must be
 specified by fingerprint.  The option @option{--yes} can be used to
 advice gpg-agent not to request a confirmation.  This extra
-pre-caution is done because @command{gpg} can't be sure that the
+pre-caution is done because @command{@gpgname} can't be sure that the
 secret key (as controlled by gpg-agent) is only used for the given
 OpenPGP public key.
 
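Review bot: The changed line keeps the spelling "pre-caution", and the unchanged line directly above it says "advice gpg-agent not to request a confirmation". Since this commit is a wording pass over the manual, fix both while touching the paragraph: "advise gpg-agent" and "precaution". The bare "gpg-agent" could also get @command markup like the @command{@gpgname} this line introduces.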
@@ -408,7 +415,7 @@ Similar to @option{--export} but sends the keys to a keyserver.
 Fingerprints may be used instead of key IDs. Option @option{--keyserver}
 must be used to give the name of this keyserver. Don't send your
 complete keyring to a keyserver --- select only those keys which are new
-or changed by you.  If no key IDs are given, @command{gpg} does nothing.
+or changed by you.  If no key IDs are given, @command{@gpgname} does nothing.
 
 @item --export-secret-keys
 @itemx --export-secret-subkeys
@@ -417,21 +424,20 @@ or changed by you.  If no key IDs are given, @command{gpg} does nothing.
 Same as @option{--export}, but exports the secret keys instead.  The
 exported keys are written to STDOUT or to the file given with option
 @option{--output}.  This command is often used along with the option
- at option{--armor} to allow easy printing of the key for paper backup;
-however the external tool @command{paperkey} does a better job for
+ at option{--armor} to allow for easy printing of the key for paper backup;
+however the external tool @command{paperkey} does a better job of
 creating backups on paper.  Note that exporting a secret key can be a
 security risk if the exported keys are sent over an insecure channel.
 
 The second form of the command has the special property to render the
 secret part of the primary key useless; this is a GNU extension to
 OpenPGP and other implementations can not be expected to successfully
-import such a key.  Its intended use is to generated a full key with
-an additional signing subkey on a dedicated machine and then using
-this command to export the key without the primary key to the main
-machine.
+import such a key.  Its intended use is in generating a full key with
+an additional signing subkey on a dedicated machine.  This command
+then exports the key without the primary key to the main machine.
 
 GnuPG may ask you to enter the passphrase for the key.  This is
-required because the internal protection method of the secret key is
+required, because the internal protection method of the secret key is
 different from the one specified by the OpenPGP protocol.
 
 @item --export-ssh-key
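Review bot: The rewritten sentence "This command then exports the key without the primary key to the main machine" is less precise than the start of the same paragraph, which limits the effect to "the secret part of the primary key". Suggest "without the secret part of the primary key" so the two sentences agree. Splitting the old sentence in two also drops who performs the export and where it is run (on the dedicated machine), and the comma added in "required, because" is not needed.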
@@ -2038,7 +2044,7 @@ limited countermeasure against traffic analysis. If this option or
 @opindex recipient-file
 This option is similar to @option{--recipient} except that it
 encrypts to a key stored in the given file.  @var{file} must be the
-name of a file containing exactly one key.  @command{gpg} assumes that
+name of a file containing exactly one key.  @command{@gpgname} assumes that
 the key in this file is fully valid.
 
 @item --hidden-recipient-file @var{file}
@@ -2046,7 +2052,7 @@ the key in this file is fully valid.
 @opindex hidden-recipient-file
 This option is similar to @option{--hidden-recipient} except that it
 encrypts to a key stored in the given file.  @var{file} must be the
-name of a file containing exactly one key.  @command{gpg} assumes that
+name of a file containing exactly one key.  @command{@gpgname} assumes that
 the key in this file is fully valid.
 
 @item --encrypt-to @code{name}
@@ -2754,7 +2760,7 @@ file @code{file}.
 @item --comment @code{string}
 @itemx --no-comments
 @opindex comment
-Use @code{string} as a comment string in clear text signatures and ASCII
+Use @code{string} as a comment string in cleartext signatures and ASCII
 armored messages or keys (see @option{--armor}). The default behavior is
 not to use a comment string. @option{--comment} may be repeated multiple
 times to get multiple comment strings. @option{--no-comments} removes
@@ -3245,7 +3251,7 @@ internally used by the @command{gpgconf} tool.
 @opindex gpgconf-test
 This is more or less dummy action.  However it parses the configuration
 file and returns with failure if the configuration file would prevent
- at command{gpg} from startup.  Thus it may be used to run a syntax check
+ at command{@gpgname} from startup.  Thus it may be used to run a syntax check
 on the configuration file.
 
 @end table
@@ -3453,7 +3459,7 @@ Operation is further controlled by a few environment variables:
 sign and encrypt for user Bob
 
 @item gpg --clearsign @code{file}
-make a clear text signature
+make a cleartext signature
 
 @item gpg -sb @code{file}
 make a detached signature
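Review bot: The examples table still spells the command as a literal "gpg" in "@item gpg --clearsign @code{file}" and "@item gpg -sb @code{file}", while the rest of this commit replaces @command{gpg} with @command{@gpgname}. If the reason for that replacement is that the installed name can differ, the examples need the same treatment, or a sentence saying they assume the name gpg.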
@@ -3704,7 +3710,7 @@ already been reported to our bug tracker at http://bugs.gnupg.org .
 @node Unattended Usage of GPG
 @section Unattended Usage
 
- at command{gpg} is often used as a backend engine by other software.  To help
+ at command{@gpgname} is often used as a backend engine by other software.  To help
 with this a machine interface has been defined to have an unambiguous
 way to do this.  The options @option{--status-fd} and @option{--batch}
 are almost always required for this.

commit 6102099985c1b82b6c0bba0464c1f913cc673e96
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Dec 6 12:14:49 2016 +0100

    g10: Avoid a memory leak.
    
    * g10/gpg.c (main): Free KB when we're done with it.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/gpg.c b/g10/gpg.c
index 2deb27a..19a7a41 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4845,6 +4845,8 @@ main (int argc, char **argv)
 	      merge_keys_and_selfsig (kb);
 	      if (tofu_set_policy (ctrl, kb, policy))
 		g10_exit (1);
+
+              release_kbnode (kb);
 	    }
 
           tofu_end_batch_update (ctrl);
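Review bot: The added "release_kbnode (kb);" sits at the very end of the block, so it only frees KB on the path that falls through to the closing brace; please confirm that no earlier continue or error branch in the part of the block not shown in this hunk leaves it with KB still allocated. The g10_exit (1) path skips the release, which is harmless because the process ends there. The new line is also indented with spaces while the neighbouring lines of the block use tabs, so it will appear misaligned at other tab widths; match the surrounding indentation.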

commit db6d8cfdc118131f497596ef1ffc121949377754
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Dec 6 12:13:22 2016 +0100

    tests: Change (interactive-shell) to start an interactive shell
    
    * tests/gpgscm/tests.scm (interactive-shell): Start an interactive
    shell.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
index 72afa99..1c170b0 100644
--- a/tests/gpgscm/tests.scm
+++ b/tests/gpgscm/tests.scm
@@ -492,4 +492,4 @@
 
 ;; Spawn an os shell.
 (define (interactive-shell)
-  (call-with-fds `(,(getenv "SHELL")) 0 1 2))
+  (call-with-fds `(,(getenv "SHELL") -i) 0 1 2))
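Review bot: The value of (getenv "SHELL") is used unchecked in the new argument list, so when SHELL is unset or empty the call receives an empty program name followed by -i. tests/openpgp/tofu.scm guards GNUPGHOME with (string=? "" GNUPGHOME) for the same situation; do the same here and fall back to a fixed shell or raise a clear error. The comment above the definition still says "Spawn an os shell" and should mention that the shell is now started interactively, and -i is not guaranteed to be understood by every program a user may have set in SHELL.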

commit 17c717d7c92d9a52101fea7e396fc133322a8786
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Dec 6 12:05:45 2016 +0100

    tests: Check the signature count in the TOFU TFS record.
    
    * tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
    record.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index c433085..bc45d99 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -164,6 +164,62 @@
 (checkpolicy "1C005AF3" "bad")
 (checkpolicy "B662E42F" "ask")
 
+;; Check that the stats are emitted correctly.
+
+(display "Checking TOFU stats...\n")
+
+(define (check-counts keyid expected-sigs expected-encs . args)
+  (let*
+      ((tfs (assoc "tfs"
+                   (gpg-with-colons
+                    `(--trust-model=tofu --with-tofu-info
+                                         , at args --list-keys ,keyid))))
+       (sigs (string->number (list-ref tfs 3)))
+       (encs (string->number (list-ref tfs 4))))
+    (display tfs)
+    (unless (= sigs expected-sigs)
+            (error keyid ": # signatures (" sigs ") does not match expected"
+                   "# signatures (" expected-sigs ").\n"))
+    (unless (= encs expected-encs)
+            (error keyid ": # encryptions (" encs ") does not match expected"
+                   "# encryptions (" expected-encs ").\n"))
+    ))
+
+;; Carefully remove the TOFU db.
+(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
+
+(check-counts "1C005AF3" 0 0)
+(check-counts "BE04EB2B" 0 0)
+(check-counts "B662E42F" 0 0)
+
+;; Verify a message.  The signature count should increase by 1.
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(check-counts "1C005AF3" 1 0)
+
+;; Verify the same message.  The signature count should remain the
+;; same.
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(check-counts "1C005AF3" 1 0)
+
+;; Verify another message.
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
+(check-counts "1C005AF3" 2 0)
+
+;; Verify another message.
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
+(check-counts "1C005AF3" 3 0)
+
+;; Verify a message from a different sender.  The signature count
+;; should increase by 1 for that key.
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
+(check-counts "1C005AF3" 3 0)
+(check-counts "BE04EB2B" 1 0)
+(check-counts "B662E42F" 0 0)
 
 
 ;; Check that we detect the following attack:
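Review bot: check-counts passes the result of (assoc "tfs" ...) straight to list-ref, so when the listing contains no tfs record the test dies inside list-ref with an error that says nothing about the missing record; test for that case first and report it with the key ID. The indices 3 and 4 deserve a comment naming the tfs fields they select. "(display tfs)" looks like leftover debugging output and prints on every call. Every call in this hunk expects 0 encryptions, so the encs comparison is never exercised with a non-zero value; add at least one case that encrypts to a key or drop the parameter until it is needed.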

commit d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Dec 6 11:17:13 2016 +0100

    tests: Replace data used by the TOFU conflict test.
    
    * tests/openpgp/tofu-2183839A-1.txt: Remove file.
    * tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
    * tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
    * tests/openpgp/tofu-keys-secret.asc: Remove file.
    * tests/openpgp/tofu-keys.asc: Remove file.
    * tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
    * tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
    * tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
    * tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
    * tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
    * tests/openpgp/tofu/conflicting/README: New file.
    * tests/openpgp/tofu.scm: Update accordingly.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    
    There are two motivations for this change.  First, we decided that
    test data should live in a subdirectory rather than in tests/openpgp.
    Second, secret key material is password protected, and I don't
    remember the password that I used.  (The new data is not password
    protected.)  I have also added some new examples of signed messages.

diff --git a/tests/openpgp/tofu-2183839A-1.txt b/tests/openpgp/tofu-2183839A-1.txt
deleted file mode 100644
index 521b3bb..0000000
Binary files a/tests/openpgp/tofu-2183839A-1.txt and /dev/null differ
diff --git a/tests/openpgp/tofu-BC15C85A-1.txt b/tests/openpgp/tofu-BC15C85A-1.txt
deleted file mode 100644
index 88cc649..0000000
--- a/tests/openpgp/tofu-BC15C85A-1.txt
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-owGbwMvMwMF46tzNaXtET0QxnmZPYgj9/c+Sq2MOCwMjBwMbKxOIy8DFKQBTo/SK
-hWFThVuj19r3R/6VzQkpaZuQx7s3r9BQ46v8KXkjb58dSjmXyr7enlCzb7dg1zE7
-aynbc6YTF+wXZI4IlAgPuLJhUeSXo0+WllxbFXUz39407cv15TcXThLj+3tFkSnZ
-YFXwM9+nfAoHpt6I/ZY96SJT3XFZKzO1jeZNJhZsV4Vfrjp0UmnH3E4A
-=X9WM
------END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-EE37CF96-1.txt b/tests/openpgp/tofu-EE37CF96-1.txt
deleted file mode 100644
index 33a38db..0000000
--- a/tests/openpgp/tofu-EE37CF96-1.txt
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-owGbwMvMwMEY0Tqz9J35+WmMp9mTGEJ//xPk6pjDwsDIwcDGygTiMnBxCsDULFZm
-/sk4S36iQ6FuZZPMPdOSe/rZOxNThTmzvJN4l1qe9XGdlLhtpumfzh0uhRnzT2Xc
-jmra+ZdN9+XBhml//i7v6XrfuWu56OuEI/fXH0i3P5HELb+j++6SO85VemLq/tvO
-hNvWtddvuZ7+z2JJaqnP4wiu2t+sEze/MWKZ9zz+u2FV6a3OIyJxjwA=
-=JMtb
------END PGP MESSAGE-----
diff --git a/tests/openpgp/tofu-keys-secret.asc b/tests/openpgp/tofu-keys-secret.asc
deleted file mode 100755
index 68e0d20..0000000
--- a/tests/openpgp/tofu-keys-secret.asc
+++ /dev/null
@@ -1,95 +0,0 @@
------BEGIN PGP PRIVATE KEY BLOCK-----
-Version: GnuPG v2
-
------END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/tofu-keys.asc b/tests/openpgp/tofu-keys.asc
deleted file mode 100755
index 2de1cf7..0000000
--- a/tests/openpgp/tofu-keys.asc
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
-
------END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index e1fa001..c433085 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -22,7 +22,7 @@
 
 ;; Redefine GPG without --always-trust and a fixed time.
 (define GPG `(,(tool 'gpg) --no-permission-warning
-	      --faked-system-time=1466684990))
+	      --faked-system-time=1480943782))
 (define GNUPGHOME (getenv "GNUPGHOME"))
 (if (string=? "" GNUPGHOME)
     (error "GNUPGHOME not set"))
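Review bot: The new `--faked-system-time=1480943782` is an unexplained magic number. It changes in the same commit that swaps in the new test keys, so it is presumably tied to their creation time or to the signature times of the new KEYID-N.txt messages. Add a comment above the `(define GPG ...)` stating that constraint, so whoever regenerates the fixtures knows the timestamp must be updated with them.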
@@ -30,13 +30,13 @@
 (catch (skip "Tofu not supported")
        (call-check `(, at GPG --trust-model=tofu --list-config)))
 
-(define KEYS '("2183839A" "BC15C85A" "EE37CF96"))
+(define KEYS '("1C005AF3" "BE04EB2B" "B662E42F"))
 
 ;; Import the test keys.
-(call-check `(, at GPG --import ,(in-srcdir "tofu-keys.asc")))
-
-;; Make sure the keys are imported.
 (for-each (lambda (keyid)
+            (call-check `(, at GPG --import
+                                ,(in-srcdir "tofu/conflicting/"
+                                            (string-append keyid ".gpg"))))
 	    (catch (error "Missing key" keyid)
 		   (call-check `(, at GPG --list-keys ,keyid))))
 	  KEYS)
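Review bot: In the new import loop, `in-srcdir` is called with two arguments ("tofu/conflicting/" and the `string-append` result), while the `--verify` calls later in this file pass a single path string. Please confirm `in-srcdir` joins multiple components, or build the path with one `string-append` for consistency. The removed ";; Make sure the keys are imported." comment also leaves the `catch`/`--list-keys` step undocumented now that import and check share a loop; extend ";; Import the test keys." to say each key is imported and then verified to be present.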
@@ -104,18 +104,18 @@
 ;; Verify a message.  There should be no conflict and the trust
 ;; policy should be set to auto.
 (call-check `(, at GPG --trust-model=tofu
-		    --verify ,(in-srcdir "tofu-2183839A-1.txt")))
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
 
-(checkpolicy "2183839A" "auto")
+(checkpolicy "1C005AF3" "auto")
 ;; Check default trust.
-(checktrust "2183839A" "m")
+(checktrust "1C005AF3" "m")
 
 ;; Trust should be derived lazily.  Thus, if the policy is set to
 ;; auto and we change --tofu-default-policy, then the trust should
 ;; change as well.  Try it.
-(checktrust "2183839A" "f" '--tofu-default-policy=good)
-(checktrust "2183839A" "-" '--tofu-default-policy=unknown)
-(checktrust "2183839A" "n" '--tofu-default-policy=bad)
+(checktrust "1C005AF3" "f" '--tofu-default-policy=good)
+(checktrust "1C005AF3" "-" '--tofu-default-policy=unknown)
+(checktrust "1C005AF3" "n" '--tofu-default-policy=bad)
 
 ;; Change the policy to something other than auto and make sure the
 ;; policy and the trust are correct.
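Review bot: The key id "1C005AF3" is repeated as a string literal in every `checkpolicy`/`checktrust` call of this hunk, which is why replacing the fixtures touches so many lines. Bind it once (for example from `KEYS`) and use that name here and in the verify path, so the next key rotation is a one-line change and a missed rename cannot leave a test silently checking the wrong key.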
@@ -127,42 +127,42 @@
 	   ((string=? "good" policy) "f")
 	   ((string=? "unknown" policy) "-")
 	   (else "n"))))
-     (setpolicy "2183839A" policy)
+     (setpolicy "1C005AF3" policy)
 
      ;; Since we have a fixed policy, the trust level shouldn't
      ;; change if we change the default policy.
      (for-each-p
       ""
       (lambda (default-policy)
-	(checkpolicy "2183839A" policy
+	(checkpolicy "1C005AF3" policy
 		     '--tofu-default-policy default-policy)
-	(checktrust "2183839A" expected-trust
+	(checktrust "1C005AF3" expected-trust
 		    '--tofu-default-policy default-policy))
       '("auto" "good" "unknown" "bad" "ask"))))
  '("good" "unknown" "bad"))
 
-;; At the end, 2183839A's policy should be bad.
-(checkpolicy "2183839A" "bad")
+;; At the end, 1C005AF3's policy should be bad.
+(checkpolicy "1C005AF3" "bad")
 
-;; BC15C85A and 2183839A conflict.  A policy setting of "auto"
-;; (BC15C85A's state) will result in an effective policy of ask.  But,
+;; 1C005AF3 and BE04EB2B conflict.  A policy setting of "auto"
+;; (BE04EB2B's state) will result in an effective policy of ask.  But,
 ;; a policy setting of "bad" will result in an effective policy of
 ;; bad.
-(setpolicy "BC15C85A" "auto")
-(checkpolicy "BC15C85A" "ask")
-(checkpolicy "2183839A" "bad")
-
-;; EE37CF96, 2183839A, and BC15C85A conflict.  We change BC15C85A's
-;; policy to auto and leave 2183839A's policy at bad.  This conflict
-;; should cause BC15C85A's policy to be changed to ask (since it is
-;; auto), but not affect 2183839A's policy.
-(setpolicy "BC15C85A" "auto")
-(checkpolicy "BC15C85A" "ask")
+(setpolicy "BE04EB2B" "auto")
+(checkpolicy "BE04EB2B" "ask")
+(checkpolicy "1C005AF3" "bad")
+
+;; 1C005AF3, B662E42F, and BE04EB2B conflict.  We change BE04EB2B's
+;; policy to auto and leave 1C005AF3's policy at bad.  This conflict
+;; should cause BE04EB2B's effective policy to be ask (since it is
+;; auto), but not affect 1C005AF3's policy.
+(setpolicy "BE04EB2B" "auto")
+(checkpolicy "BE04EB2B" "ask")
 (call-check `(, at GPG --trust-model=tofu
-		    --verify ,(in-srcdir "tofu-EE37CF96-1.txt")))
-(checkpolicy "BC15C85A" "ask")
-(checkpolicy "2183839A" "bad")
-(checkpolicy "EE37CF96" "ask")
+		    --verify ,(in-srcdir "tofu/conflicting/B662E42F-1.txt")))
+(checkpolicy "BE04EB2B" "ask")
+(checkpolicy "1C005AF3" "bad")
+(checkpolicy "B662E42F" "ask")
 
 
 
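Review bot: The second `(setpolicy "BE04EB2B" "auto")` / `(checkpolicy "BE04EB2B" "ask")` pair repeats the pair a few lines earlier with nothing in between that changes BE04EB2B's state, so it adds no coverage before the `--verify` of B662E42F-1.txt. Either drop the repeat or say in the comment that it deliberately resets state. The reworded comment ("effective policy to be ask") is clearer than the old "policy to be changed to ask", and the earlier two-key comment already uses the same "effective policy" wording.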
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-1.txt b/tests/openpgp/tofu/conflicting/1C005AF3-1.txt
new file mode 100644
index 0000000..dba581d
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-2.txt b/tests/openpgp/tofu/conflicting/1C005AF3-2.txt
new file mode 100644
index 0000000..fde9fb8
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-3.txt b/tests/openpgp/tofu/conflicting/1C005AF3-3.txt
new file mode 100644
index 0000000..e6aa4ac
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-4.txt b/tests/openpgp/tofu/conflicting/1C005AF3-4.txt
new file mode 100644
index 0000000..6a14891
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-5.txt b/tests/openpgp/tofu/conflicting/1C005AF3-5.txt
new file mode 100644
index 0000000..12fb5fb
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-5.txt differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg b/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg
new file mode 100644
index 0000000..5f1e78a
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/1C005AF3.gpg b/tests/openpgp/tofu/conflicting/1C005AF3.gpg
new file mode 100644
index 0000000..7a75011
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/1C005AF3.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-1.txt b/tests/openpgp/tofu/conflicting/B662E42F-1.txt
new file mode 100644
index 0000000..c39056c
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-2.txt b/tests/openpgp/tofu/conflicting/B662E42F-2.txt
new file mode 100644
index 0000000..a96ef9f
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-3.txt b/tests/openpgp/tofu/conflicting/B662E42F-3.txt
new file mode 100644
index 0000000..2e6e81b
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-4.txt b/tests/openpgp/tofu/conflicting/B662E42F-4.txt
new file mode 100644
index 0000000..470882f
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-5.txt b/tests/openpgp/tofu/conflicting/B662E42F-5.txt
new file mode 100644
index 0000000..21d54bc
--- /dev/null
+++ b/tests/openpgp/tofu/conflicting/B662E42F-5.txt
@@ -0,0 +1 @@
+£›ÀËÌÀÁ¨%¶¼[Ò}ÆÓI®i’¦\ŒÆ,Œ²bŠ,ù&ÖkÏhí³‰ÒÓŒ†)ee©cà h&q0lÊ;S“ɵ´`ÅâK˾>ž¾}iÚñªwò²ö5?VÙðF+'	|]ó$í/Ÿôj×m•³ÓJÄß–TjY‘À¤Á£<ÿø™i»½6%Æ|ªÿ÷¢aûÿGVkgË4eµ<akï¿õÓBî U£o¿fføöZ<ÚñU[ÕÔhþÞJeÒÂníóÜýÞ뤙þœ¶šâœ
f~÷[”dm"v²•?P3}=×üŒŒ}Ó#"ò^µ±¬j-µ‘×ùTҁ²Õœ+/q­=±&­Ü>̬¸²åüëÏÕÕ%îíkºzùŠNëìýlʳêמŸšž©:æü‘ŠÏ7zü›žÎÐ\oÞµs™úJÅs1éÚñû
\ No newline at end of file
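Review bot: B662E42F-5.txt is the only KEYID-N.txt that git diffs as text (the `+` line and "\ No newline at end of file"), while its siblings are reported as "Binary files ... differ". The content is a binary signed message, so it gets mangled in the notification mail, and line-ending or encoding conversion could break signature verification on checkout. Mark `tests/openpgp/tofu/conflicting/*.txt` as binary in `.gitattributes`, or give these files an extension that is not treated as text.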
diff --git a/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg b/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg
new file mode 100644
index 0000000..7362ded
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/B662E42F.gpg b/tests/openpgp/tofu/conflicting/B662E42F.gpg
new file mode 100644
index 0000000..6c07520
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/B662E42F.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt
new file mode 100644
index 0000000..1b3de47
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-1.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt
new file mode 100644
index 0000000..f4f5487
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-2.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt
new file mode 100644
index 0000000..7451073
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-3.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt
new file mode 100644
index 0000000..f15496d
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-4.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt b/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt
new file mode 100644
index 0000000..39078f1
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-5.txt differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg b/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg
new file mode 100644
index 0000000..5d393aa
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/BE04EB2B.gpg b/tests/openpgp/tofu/conflicting/BE04EB2B.gpg
new file mode 100644
index 0000000..787b238
Binary files /dev/null and b/tests/openpgp/tofu/conflicting/BE04EB2B.gpg differ
diff --git a/tests/openpgp/tofu/conflicting/README b/tests/openpgp/tofu/conflicting/README
new file mode 100644
index 0000000..e2c48f2
--- /dev/null
+++ b/tests/openpgp/tofu/conflicting/README
@@ -0,0 +1,8 @@
+This directory contains three keys (1C005AF3, B662E42F, and BE04EB2B),
+which all have the same user id, namely "Joke Factory
+<joke.factory at example.com>".
+
+The keys are stored in KEYID.gpg.  The secret key material is stored
+in KEYID-secret.gpg (the secret key material is not password
+protected).  The files KEYID-N.txt contain messages, which are signed
+by KEYID.  The message is "N\n".
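Review bot: The README describes what the files contain but not how they were produced. Add the commands used to generate the keys and the signed KEYID-N.txt messages, and note the relationship to the `--faked-system-time` value in tofu.scm, so the fixtures can be regenerated reproducibly. Since the secret key material is stated to be unprotected, also say explicitly that these keys are test-only and must never be used outside the test suite.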

commit bd9ebe1404c1395edd0e029023a9e780c90f6d73
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Dec 2 11:42:38 2016 +0100

    g10: Remove dead code.
    
    * g10/tofu.c (tofu_set_policy_by_keyid): Remove function.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index 18f9c54..5b3e84c 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -3760,23 +3760,6 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
   return err;
 }
 
-/* Set the TOFU policy for all non-revoked user ids in the KEY with
-   the key id KEYID to POLICY.
-
-   If no key is available with the specified key id, then this
-   function returns GPG_ERR_NO_PUBKEY.
-
-   Returns 0 on success and an error code otherwise.  */
-gpg_error_t
-tofu_set_policy_by_keyid (ctrl_t ctrl, u32 *keyid, enum tofu_policy policy)
-{
-  kbnode_t keyblock = get_pubkeyblock (keyid);
-  if (! keyblock)
-    return gpg_error (GPG_ERR_NO_PUBKEY);
-
-  return tofu_set_policy (ctrl, keyblock, policy);
-}
-
 /* Return the TOFU policy for the specified binding in *POLICY.  If no
    policy has been set for the binding, sets *POLICY to
    TOFU_POLICY_NONE.
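Review bot: The removed `tofu_set_policy_by_keyid` stored the result of `get_pubkeyblock (keyid)` in `keyblock` and returned `tofu_set_policy (...)` directly, with no release of the keyblock in the visible lines. Nothing needs to change for the removal itself, but if a keyid-based wrapper is reintroduced later it should free the keyblock after the call. The commit message could also state how the function was determined to be unused (for example, no remaining callers in g10/).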
diff --git a/g10/tofu.h b/g10/tofu.h
index 3ee2f41..7b1beea 100644
--- a/g10/tofu.h
+++ b/g10/tofu.h
@@ -120,11 +120,6 @@ int tofu_get_validity (ctrl_t ctrl,
    POLICY.  */
 gpg_error_t tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy);
 
-/* Set the TOFU policy for all non-revoked users in the key with the
-   key id KEYID to POLICY.  */
-gpg_error_t tofu_set_policy_by_keyid (ctrl_t ctrl,
-                                      u32 *keyid, enum tofu_policy policy);
-
 /* Return the TOFU policy for the specified binding in *POLICY.  */
 gpg_error_t tofu_get_policy (ctrl_t ctrl,
                              PKT_public_key *pk, PKT_user_id *user_id,

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi                                       | 148 +++++++++++----------
 g10/gpg.c                                          |   2 +
 g10/tofu.c                                         |  17 ---
 g10/tofu.h                                         |   5 -
 tests/gpgscm/tests.scm                             |   2 +-
 tests/openpgp/tofu-2183839A-1.txt                  | Bin 191 -> 0 bytes
 tests/openpgp/tofu-BC15C85A-1.txt                  |   9 --
 tests/openpgp/tofu-EE37CF96-1.txt                  |   9 --
 tests/openpgp/tofu-keys-secret.asc                 |  95 -------------
 tests/openpgp/tofu-keys.asc                        |  47 -------
 tests/openpgp/tofu.scm                             | 120 ++++++++++++-----
 tests/openpgp/tofu/conflicting/1C005AF3-1.txt      | Bin 0 -> 342 bytes
 tests/openpgp/tofu/conflicting/1C005AF3-2.txt      | Bin 0 -> 338 bytes
 tests/openpgp/tofu/conflicting/1C005AF3-3.txt      | Bin 0 -> 339 bytes
 tests/openpgp/tofu/conflicting/1C005AF3-4.txt      | Bin 0 -> 338 bytes
 tests/openpgp/tofu/conflicting/1C005AF3-5.txt      | Bin 0 -> 339 bytes
 tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg | Bin 0 -> 2537 bytes
 tests/openpgp/tofu/conflicting/1C005AF3.gpg        | Bin 0 -> 1235 bytes
 tests/openpgp/tofu/conflicting/B662E42F-1.txt      | Bin 0 -> 340 bytes
 tests/openpgp/tofu/conflicting/B662E42F-2.txt      | Bin 0 -> 339 bytes
 tests/openpgp/tofu/conflicting/B662E42F-3.txt      | Bin 0 -> 342 bytes
 tests/openpgp/tofu/conflicting/B662E42F-4.txt      | Bin 0 -> 340 bytes
 tests/openpgp/tofu/conflicting/B662E42F-5.txt      |   1 +
 tests/openpgp/tofu/conflicting/B662E42F-secret.gpg | Bin 0 -> 2537 bytes
 tests/openpgp/tofu/conflicting/B662E42F.gpg        | Bin 0 -> 1235 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-1.txt      | Bin 0 -> 340 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-2.txt      | Bin 0 -> 342 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-3.txt      | Bin 0 -> 340 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-4.txt      | Bin 0 -> 342 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-5.txt      | Bin 0 -> 340 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg | Bin 0 -> 2537 bytes
 tests/openpgp/tofu/conflicting/BE04EB2B.gpg        | Bin 0 -> 1235 bytes
 tests/openpgp/tofu/conflicting/README              |   8 ++
 33 files changed, 177 insertions(+), 286 deletions(-)
 delete mode 100644 tests/openpgp/tofu-2183839A-1.txt
 delete mode 100644 tests/openpgp/tofu-BC15C85A-1.txt
 delete mode 100644 tests/openpgp/tofu-EE37CF96-1.txt
 delete mode 100755 tests/openpgp/tofu-keys-secret.asc
 delete mode 100755 tests/openpgp/tofu-keys.asc
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-1.txt
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-2.txt
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-3.txt
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-4.txt
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-5.txt
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/1C005AF3.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-1.txt
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-2.txt
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-3.txt
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-4.txt
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-5.txt
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F-secret.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/B662E42F.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-1.txt
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-2.txt
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-3.txt
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-4.txt
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-5.txt
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/BE04EB2B.gpg
 create mode 100644 tests/openpgp/tofu/conflicting/README


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



