[git] GnuPG - branch, master, updated. gnupg-2.1.11-171-g33aacc3
by Werner Koch
cvs at cvs.gnupg.org
Tue May 3 11:27:27 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 33aacc3d4bbd6a82d7e7ceca058970879741b7da (commit)
via 83865be35cff5355a5c4575cc3b50609819b0baa (commit)
via ae1889320b822d48f7118a29391605e9ac992701 (commit)
from 5cef6118580fe658a27d32e85696d88775ad417a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 33aacc3d4bbd6a82d7e7ceca058970879741b7da
Author: Werner Koch <wk at gnupg.org>
Date: Tue May 3 11:26:06 2016 +0200
tests: Silence output of some tests.
* common/t-exechelp.c (print_open_fds): Silence non-verbose output.
(test_close_all_fds): Ditto.
* common/t-session-env.c (show_stdnames): Indent output.
* g10/test.c (TEST): Silence non-verbose okay output.
(exit_tests): Ditto.
* tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
* tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
* tests/openpgp/mds.test: Indent MD5 notice.
* tests/openpgp/version.test: Indent --version output.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/t-exechelp.c b/common/t-exechelp.c
index 19079d3..3a47dc8 100644
--- a/common/t-exechelp.c
+++ b/common/t-exechelp.c
@@ -35,18 +35,18 @@ print_open_fds (int *array)
{
int n;
+ if (!verbose)
+ return;
+
for (n=0; array[n] != -1; n++)
;
printf ("open file descriptors: %d", n);
- if (verbose)
- {
- putchar (' ');
- putchar (' ');
- putchar ('(');
- for (n=0; array[n] != -1; n++)
- printf ("%d%s", array[n], array[n+1] == -1?"":" ");
- putchar (')');
- }
+ putchar (' ');
+ putchar (' ');
+ putchar ('(');
+ for (n=0; array[n] != -1; n++)
+ printf ("%d%s", array[n], array[n+1] == -1?"":" ");
+ putchar (')');
putchar ('\n');
}
@@ -84,7 +84,8 @@ test_close_all_fds (void)
system (buffer);
#endif
- printf ("max. file descriptors: %d\n", max_fd);
+ if (verbose)
+ printf ("max. file descriptors: %d\n", max_fd);
array = xget_all_open_fds ();
print_open_fds (array);
for (initial_count=n=0; array[n] != -1; n++)
diff --git a/common/t-session-env.c b/common/t-session-env.c
index 46c6552..c5c7b0e 100644
--- a/common/t-session-env.c
+++ b/common/t-session-env.c
@@ -55,13 +55,24 @@ show_stdnames (void)
{
const char *name, *assname;
int iterator = 0;
+ int count;
- printf ("Known envvars:");
+ printf (" > Known envvars:");
+ count = 20;
while ((name = session_env_list_stdenvnames (&iterator, &assname)))
{
+ if (count > 60)
+ {
+ printf ("\n >");
+ count = 7;
+ }
printf ( " %s", name);
+ count += strlen (name) + 1;
if (assname)
- printf ( "(%s)", assname);
+ {
+ printf ( "(%s)", assname);
+ count += strlen (assname) + 2;
+ }
}
putchar('\n');
}
diff --git a/g10/test.c b/g10/test.c
index 39d5945..e9e2074 100644
--- a/g10/test.c
+++ b/g10/test.c
@@ -74,10 +74,13 @@ static int verbose;
\
if (test_result == expected_result) \
{ \
- printf (" ok.\n"); \
+ if (verbose) printf (" ok.\n"); \
} \
else \
{ \
+ if (!verbose) \
+ printf ("%d. Checking %s...", \
+ tests, (description) ?: ""); \
printf (" failed.\n"); \
printf (" %s == %s failed.\n", \
STRINGIFY(test), \
@@ -125,7 +128,8 @@ exit_tests (int force)
{
if (tests_failed == 0)
{
- printf ("All %d tests passed.\n", tests);
+ if (verbose)
+ printf ("All %d tests passed.\n", tests);
exit (!!force);
}
else
diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test
index 63bed70..2f33f75 100755
--- a/tests/openpgp/gpgtar.test
+++ b/tests/openpgp/gpgtar.test
@@ -68,7 +68,7 @@ do_test()
awk '{print $NF}' "$FILELIST" | grep "^${F}$" >/dev/null
done
- $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $EXTRACT_FLAGS \
+ $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $EXTRACT_FLAGS --quiet \
--tar-args --directory="${TESTDIR}" \
"${TESTDIR}/test.tar.pgp"
for F in $TESTFILES
diff --git a/tests/openpgp/mds.test b/tests/openpgp/mds.test
index 944f535..bb73312 100755
--- a/tests/openpgp/mds.test
+++ b/tests/openpgp/mds.test
@@ -26,7 +26,7 @@ cat /dev/null | $GPG --with-colons --print-mds >y
if have_hash_algo "MD5"; then
test_one ":1:" "D41D8CD98F00B204E9800998ECF8427E"
else
- echo "Hash algorithm MD5 is not installed (not an error)"
+ echo " > Hash algorithm MD5 is not installed (not an error)"
fi
# SHA-1
test_one ":2:" "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
index be565fb..9d265ad 100755
--- a/tests/openpgp/version.test
+++ b/tests/openpgp/version.test
@@ -105,6 +105,6 @@ $GPG_PRESET_PASSPHRASE --preset -P abc A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD
info "Printing the GPG version"
-$GPG --version
+$GPG --version | awk '{print " > " $0}'
#fixme: check that the output is as expected
diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in
index a6b4238..48c4766 100644
--- a/tools/gpg-zip.in
+++ b/tools/gpg-zip.in
@@ -34,6 +34,8 @@ Usage: gpg-zip [--help] [--version] [--encrypt] [--decrypt] [--symmetric]
Encrypt or sign files into an archive."
+tar_verbose_opt="v"
+
while test $# -gt 0 ; do
case $1 in
-h | --help | --h*)
@@ -113,6 +115,10 @@ while test $# -gt 0 ; do
shift
shift
;;
+ --quiet)
+ tar_verbose_opt=""
+ shift
+ ;;
--)
shift
break
@@ -135,7 +141,7 @@ elif test x$list = xyes ; then
cat "$1" | $GPG $gpg_args | $TAR $tar_args -tf -
elif test x$unpack = xyes ; then
# echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -xvf -" 1>&2
- cat "$1" | $GPG $gpg_args | $TAR $tar_args -xvf -
+ cat "$1" | $GPG $gpg_args | $TAR $tar_args -x${tar_verbose_opt}f -
else
echo "$usage" 1>&2
exit 1
commit 83865be35cff5355a5c4575cc3b50609819b0baa
Author: Werner Koch <wk at gnupg.org>
Date: Tue May 3 10:26:55 2016 +0200
gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
* g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
(FULL_TRUST_THRESHOLD): New.
(write_stats_status): New.
(show_statistics): Call new function. Print TOFU_STATS_LONG.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/DETAILS b/doc/DETAILS
index 7d5a5a8..5ceab68 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -668,10 +668,54 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- shell :: The standard X.509 model.
- chain :: The chain model.
- steed :: The STEED model.
+ - tofu :: The TOFU model
Note that the term =TRUST_= in the status names is used for
historic reasons; we now speak of validity.
+*** TOFU_USER <fingerprint_in_hex> <mbox>
+
+ This status identifies the key and the userid for all following
+ Tofu information. The fingerprint is the fingerprint of the
+ primary key and the mbox is in general the mailbox part of the
+ userid encoded in UTF-8 and percent escaped.
+
+*** TOFU_STATS <validity> <sign-count> 0 [<policy> [<tm1> <tm2>]]
+
+ Statistics for the current user id.
+
+ Values for VALIDITY are:
+ - 0 :: conflict
+ - 1 :: key without history
+ - 2 :: key with too little history
+ - 3 :: key with enough history for basic trust
+ - 4 :: key with a lot of history
+
+ Values for POLICY are:
+ - none :: No Policy set
+ - auto :: Policy is "auto"
+ - good :: Policy is "good"
+ - bad :: Policy is "bad"
+ - ask :: Policy is "ask"
+ - unknown :: Policy is not known.
+
+ TM1 gives the number of seconds since the the first messages was
+ verified. TM2 gives the number of seconds since the most recent
+ message was verified.
+
+*** TOFU_STATS_SHORT <long_string>
+
+ Information about the TOFU binding for the signature.
+ Example: "15 signatures verified. 10 messages encrypted"
+
+*** TOFU_STATS_LONG <long_string>
+
+ Information about the TOFU binding for the signature in verbose
+ format. The LONG_STRING is percent escaped.
+ Example: 'Verified 9 messages signed by "Werner Koch
+ (dist sig)" in the past 3 minutes, 40 seconds. The most
+ recent message was verified 4 seconds ago.'
+
*** PKA_TRUST_
This is is one:
diff --git a/g10/tofu.c b/g10/tofu.c
index ed8bbbe..5213e03 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -47,8 +47,12 @@
#define CONTROL_L ('L' - 'A' + 1)
-/* Number of signed messages required to not show extra warnings. */
-#define NO_WARNING_THRESHOLD 10
+/* Number of signed messages required to indicate that enough history
+ * is available for basic trust. */
+#define BASIC_TRUST_THRESHOLD 10
+/* Number of signed messages required to indicate that a lot of
+ * history is available. */
+#define FULL_TRUST_THRESHOLD 100
#define DEBUG_TOFU_CACHE 0
@@ -2365,6 +2369,40 @@ time_ago_str (long long int t)
}
+/* Write TOFU_STATS status line. */
+static void
+write_stats_status (long messages, enum tofu_policy policy,
+ long first_seen_ago, long most_recent_seen_ago)
+{
+ char numbuf1[35];
+ char numbuf2[35];
+ char numbuf3[35];
+ const char *validity;
+
+ if (messages < 1)
+ validity = "1"; /* Key without history. */
+ else if (messages < BASIC_TRUST_THRESHOLD)
+ validity = "2"; /* Key with too little history. */
+ else if (messages < FULL_TRUST_THRESHOLD)
+ validity = "3"; /* Key with enough history for basic trust. */
+ else
+ validity = "4"; /* Key with a lot of history. */
+
+ snprintf (numbuf1, sizeof numbuf1, " %ld", messages);
+ *numbuf2 = *numbuf3 = 0;
+ if (first_seen_ago >= 0 && most_recent_seen_ago >= 0)
+ {
+ snprintf (numbuf2, sizeof numbuf2, " %ld", first_seen_ago);
+ snprintf (numbuf3, sizeof numbuf3, " %ld", most_recent_seen_ago);
+ }
+
+ write_status_strings (STATUS_TOFU_STATS,
+ validity, numbuf1, " 0",
+ " ", tofu_policy_str (policy),
+ numbuf2, numbuf3,
+ NULL);
+}
+
static void
show_statistics (struct dbs *dbs, const char *fingerprint,
const char *email, const char *user_id,
@@ -2407,8 +2445,11 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
email, strlen (email), 0);
if (! strlist)
- log_info (_("Have never verified a message signed by key %s!\n"),
- fingerprint_pp);
+ {
+ log_info (_("Have never verified a message signed by key %s!\n"),
+ fingerprint_pp);
+ write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
+ }
else
{
signed long messages;
@@ -2432,15 +2473,21 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
}
if (messages == -1 || first_seen_ago == 0)
- log_info (_("Failed to collect signature statistics for \"%s\"\n"
- "(key %s)\n"),
- user_id, fingerprint_pp);
+ {
+ write_stats_status (0, TOFU_POLICY_NONE, -1, -1);
+ log_info (_("Failed to collect signature statistics for \"%s\"\n"
+ "(key %s)\n"),
+ user_id, fingerprint_pp);
+ }
else
{
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
estream_t fp;
char *msg;
+ write_stats_status (messages, policy,
+ first_seen_ago, most_recent_seen_ago);
+
fp = es_fopenmem (0, "rw,samethread");
if (! fp)
log_fatal ("error creating memory stream: %s\n",
@@ -2497,12 +2544,18 @@ show_statistics (struct dbs *dbs, const char *fingerprint,
for (p=msg; *p; p++)
if (*p == '~')
*p = ' ';
+
+ /* Print a status line but suppress the trailing LF.
+ * Spaces are not percent escaped. */
+ if (*msg)
+ write_status_buffer (STATUS_TOFU_STATS_LONG,
+ msg, strlen (msg)-1, -1);
}
log_string (GPGRT_LOG_INFO, msg);
xfree (msg);
- if (policy == TOFU_POLICY_AUTO && messages < NO_WARNING_THRESHOLD)
+ if (policy == TOFU_POLICY_AUTO && messages < BASIC_TRUST_THRESHOLD)
{
char *set_policy_command;
char *text;
commit ae1889320b822d48f7118a29391605e9ac992701
Author: Werner Koch <wk at gnupg.org>
Date: Mon May 2 19:10:59 2016 +0200
gpg: Extend TRUST_foo status lines with the trust model.
* g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
* g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg
"model" and change callers to call with OPT.TRUST_MODEL.
* g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
* g10/pkclist.c (write_trust_status): New.
(check_signatures_trust): Call new function.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/pkclist.c b/g10/pkclist.c
index b659cb8..de8897a 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -505,6 +505,22 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
}
+/* Write a TRUST_foo status line inclduing the validation model. */
+static void
+write_trust_status (int statuscode, int trustlevel)
+{
+ int tm;
+
+ /* For the combined tofu+pgp method, we return the trust model which
+ * was responsible for the trustlevel. */
+ if (opt.trust_model == TM_TOFU_PGP)
+ tm = (trustlevel & TRUST_FLAG_TOFU_BASED)? TM_TOFU : TM_PGP;
+ else
+ tm = opt.trust_model;
+ write_status_strings (statuscode, "0 ", trust_model_string (tm), NULL);
+}
+
+
/****************
* Check whether we can trust this signature.
* Returns an error code if we should not trust this signature.
@@ -626,7 +642,7 @@ check_signatures_trust( PKT_signature *sig )
/* fall thru */
case TRUST_UNKNOWN:
case TRUST_UNDEFINED:
- write_status( STATUS_TRUST_UNDEFINED );
+ write_trust_status (STATUS_TRUST_UNDEFINED, trustlevel);
log_info(_("WARNING: This key is not certified with"
" a trusted signature!\n"));
log_info(_(" There is no indication that the "
@@ -636,7 +652,7 @@ check_signatures_trust( PKT_signature *sig )
case TRUST_NEVER:
/* currently we won't get that status */
- write_status( STATUS_TRUST_NEVER );
+ write_trust_status (STATUS_TRUST_NEVER, trustlevel);
log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint)
@@ -645,7 +661,7 @@ check_signatures_trust( PKT_signature *sig )
break;
case TRUST_MARGINAL:
- write_status( STATUS_TRUST_MARGINAL );
+ write_trust_status (STATUS_TRUST_MARGINAL, trustlevel);
log_info(_("WARNING: This key is not certified with"
" sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the"
@@ -654,13 +670,13 @@ check_signatures_trust( PKT_signature *sig )
break;
case TRUST_FULLY:
- write_status( STATUS_TRUST_FULLY );
+ write_trust_status (STATUS_TRUST_FULLY, trustlevel);
if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1);
break;
case TRUST_ULTIMATE:
- write_status( STATUS_TRUST_ULTIMATE );
+ write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1);
break;
diff --git a/g10/tofu.c b/g10/tofu.c
index e163928..ed8bbbe 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2795,17 +2795,30 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
/* Now we only have positive or neutral trust policies. We take
the max. */
- if (tofu == TRUST_ULTIMATE || wot == TRUST_ULTIMATE)
+ if (tofu == TRUST_ULTIMATE)
+ return upper | TRUST_ULTIMATE | TRUST_FLAG_TOFU_BASED;
+ if (wot == TRUST_ULTIMATE)
return upper | TRUST_ULTIMATE;
- if (tofu == TRUST_FULLY || wot == TRUST_FULLY)
+
+ if (tofu == TRUST_FULLY)
+ return upper | TRUST_FULLY | TRUST_FLAG_TOFU_BASED;
+ if (wot == TRUST_FULLY)
return upper | TRUST_FULLY;
- if (tofu == TRUST_MARGINAL || wot == TRUST_MARGINAL)
+
+ if (tofu == TRUST_MARGINAL)
+ return upper | TRUST_MARGINAL | TRUST_FLAG_TOFU_BASED;
+ if (wot == TRUST_MARGINAL)
return upper | TRUST_MARGINAL;
- if (tofu == TRUST_UNDEFINED || wot == TRUST_UNDEFINED)
+
+ if (tofu == TRUST_UNDEFINED)
+ return upper | TRUST_UNDEFINED | TRUST_FLAG_TOFU_BASED;
+ if (wot == TRUST_UNDEFINED)
return upper | TRUST_UNDEFINED;
+
return upper | TRUST_UNKNOWN;
}
+
/* Return the validity (TRUST_NEVER, etc.) of the binding
<FINGERPRINT, USER_ID>.
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1bdc430..195a006 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -378,16 +378,16 @@ do_sync(void)
}
}
-static const char *
-trust_model_string(void)
+const char *
+trust_model_string (int model)
{
- switch(opt.trust_model)
+ switch (model)
{
case TM_CLASSIC: return "classic";
- case TM_PGP: return "PGP";
+ case TM_PGP: return "pgp";
case TM_EXTERNAL: return "external";
- case TM_TOFU: return "TOFU";
- case TM_TOFU_PGP: return "TOFU+PGP";
+ case TM_TOFU: return "tofu";
+ case TM_TOFU_PGP: return "tofu+pgp";
case TM_ALWAYS: return "always";
case TM_DIRECT: return "direct";
default: return "unknown";
@@ -470,7 +470,8 @@ init_trustdb ()
}
if(opt.verbose)
- log_info(_("using %s trust model\n"),trust_model_string());
+ log_info(_("using %s trust model\n"),
+ trust_model_string (opt.trust_model));
}
if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
@@ -522,7 +523,7 @@ check_trustdb ()
}
else
log_info (_("no need for a trustdb check with '%s' trust model\n"),
- trust_model_string());
+ trust_model_string(opt.trust_model));
}
@@ -538,7 +539,7 @@ update_trustdb()
validate_keys (1);
else
log_info (_("no need for a trustdb update with '%s' trust model\n"),
- trust_model_string());
+ trust_model_string(opt.trust_model));
}
void
@@ -1963,7 +1964,8 @@ validate_keys (int interactive)
if (!opt.quiet)
log_info ("marginals needed: %d completes needed: %d trust model: %s\n",
- opt.marginals_needed, opt.completes_needed, trust_model_string());
+ opt.marginals_needed, opt.completes_needed,
+ trust_model_string (opt.trust_model));
for (depth=0; depth < opt.max_cert_depth; depth++)
{
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 718f779..7e1307d 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -21,7 +21,7 @@
#ifndef G10_TRUSTDB_H
#define G10_TRUSTDB_H
-/* Trust values must be sorted in ascending order */
+/* Trust values must be sorted in ascending order! */
#define TRUST_MASK 15
#define TRUST_UNKNOWN 0 /* o: not yet calculated/assigned */
#define TRUST_EXPIRED 1 /* e: calculation may be invalid */
@@ -30,11 +30,13 @@
#define TRUST_MARGINAL 4 /* m: marginally trusted */
#define TRUST_FULLY 5 /* f: fully trusted */
#define TRUST_ULTIMATE 6 /* u: ultimately trusted */
-/* trust values not covered by the mask */
-#define TRUST_FLAG_REVOKED 32 /* r: revoked */
-#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
-#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
+/* Trust values not covered by the mask. */
+#define TRUST_FLAG_REVOKED 32 /* r: revoked */
+#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
+#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
+#define TRUST_FLAG_TOFU_BASED 512 /* The trust value is based on
+ * the TOFU information. */
/* Private value used in tofu.c - must be different from the trust
values. */
@@ -117,6 +119,7 @@ void check_trustdb (void);
void update_trustdb (void);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
+const char *trust_model_string (int model);
void init_trustdb( void );
void tdb_check_trustdb_stale (void);
void sync_trustdb( void );
-----------------------------------------------------------------------
Summary of changes:
common/t-exechelp.c | 21 +++++------
common/t-session-env.c | 15 ++++++--
doc/DETAILS | 44 +++++++++++++++++++++++
g10/pkclist.c | 26 +++++++++++---
g10/test.c | 8 +++--
g10/tofu.c | 90 +++++++++++++++++++++++++++++++++++++++-------
g10/trustdb.c | 22 ++++++------
g10/trustdb.h | 13 ++++---
tests/openpgp/gpgtar.test | 2 +-
tests/openpgp/mds.test | 2 +-
tests/openpgp/version.test | 2 +-
tools/gpg-zip.in | 8 ++++-
12 files changed, 203 insertions(+), 50 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list