[git] GnuPG - branch, master, updated. gnupg-2.1.15-41-gf2e5cb6

by Neal H. Walfield cvs at cvs.gnupg.org
Thu Sep 1 13:29:58 CEST 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb (commit)
      from  0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Sep 1 13:29:56 2016 +0200

    g10: Add support for TRUST_NEVER.
    
    * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
    returned by the TOFU trust model.
    (do_we_trust_pre): Print a different message if TRUSTLEVEL is
    TRUST_NEVER.
    (check_signatures_trust): Improve comment.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/pkclist.c b/g10/pkclist.c
index 63d32d1..f7b2483 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -449,6 +449,13 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
       if( opt.verbose )
 	log_info(_("This key belongs to us\n"));
       return 1; /* yes */
+
+    case TRUST_NEVER:
+      /* This is retruned can be returned by TOFU, which can return
+         negative assertions.  */
+      log_info(_("%s: This key is bad!  It has been marked as untrusted!\n"),
+               keystr_from_pk(pk));
+      return 0; /* no */
     }
 
   return 1; /*NOTREACHED*/
@@ -472,10 +479,16 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
       print_fingerprint (NULL, pk, 2);
       tty_printf("\n");
 
-      tty_printf(
-	       _("It is NOT certain that the key belongs to the person named\n"
-		 "in the user ID.  If you *really* know what you are doing,\n"
-		 "you may answer the next question with yes.\n"));
+      if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
+        tty_printf(
+          _("This key has is bad!  It has been marked as untrusted!  If you\n"
+            "*really* know what you are doing, you may answer the next\n"
+            "question with yes.\n"));
+      else
+        tty_printf(
+          _("It is NOT certain that the key belongs to the person named\n"
+            "in the user ID.  If you *really* know what you are doing,\n"
+            "you may answer the next question with yes.\n"));
 
       tty_printf("\n");
 
@@ -654,7 +667,8 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
       break;
 
     case TRUST_NEVER:
-      /* currently we won't get that status */
+      /* This level can be returned by TOFU, which supports negative
+       * assertions.  */
       write_trust_status (STATUS_TRUST_NEVER, trustlevel);
       log_info(_("WARNING: We do NOT trust this key!\n"));
       log_info(_("         The signature is probably a FORGERY.\n"));

-----------------------------------------------------------------------

Summary of changes:
 g10/pkclist.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list