[git] GnuPG - branch, master, updated. gnupg-2.1.18-150-ge182542
by Werner Koch
cvs at cvs.gnupg.org
Tue Feb 28 20:39:41 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via e182542e90cbeff4f2ac6c8d71061356d7cdcdea (commit)
from e4583ae14e52482ab390c102d071755f91ab211d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 28 20:28:56 2017 +0100
gpg: Do not require a trustdb for decryption.
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code. Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
for a non-existing trustdb. Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--
Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b
For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/gpgv.c b/g10/gpgv.c
index ef8d9e0..a6d1add 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -371,9 +371,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/keyedit.c b/g10/keyedit.c
index ab66d01..892da1a 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -3679,7 +3679,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
(ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
- es_putc (get_ownertrust_info (pk), fp);
+ es_putc (get_ownertrust_info (pk, 0), fp);
es_putc (':', fp);
es_putc (':', fp);
es_putc (':', fp);
@@ -3896,7 +3896,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static int did_warn = 0;
trust = get_validity_string (ctrl, pk, NULL);
- otrust = get_ownertrust_string (pk);
+ otrust = get_ownertrust_string (pk, 0);
/* Show a warning once */
if (!did_warn
diff --git a/g10/keylist.c b/g10/keylist.c
index abdcb9f..2684f59 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1232,7 +1232,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
}
if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
- ownertrust_print = get_ownertrust_info (pk);
+ ownertrust_print = get_ownertrust_info (pk, 0);
else
ownertrust_print = 0;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8e29891..4f8d0be 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1032,7 +1032,7 @@ list_node (CTX c, kbnode_t node)
colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) );
if (pk->flags.primary && !opt.fast_list_mode)
- es_putc (get_ownertrust_info (pk), es_stdout);
+ es_putc (get_ownertrust_info (pk, 1), es_stdout);
es_putc (':', es_stdout);
es_putc ('\n', es_stdout);
}
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 4991d20..012f751 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
int show=0;
int min_num;
int did_help=defer_help;
- unsigned int minimum = tdb_get_min_ownertrust (pk);
+ unsigned int minimum = tdb_get_min_ownertrust (pk, 0);
switch(minimum)
{
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 1772936..e037c12 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -404,8 +404,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
hexfingerprint (pk, pkhex, sizeof pkhex);
hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
+ /* Note that we do not want to create a trustdb just for
+ * getting the ownertrust: If there is no trustdb there can't
+ * be ulitmately trusted key anyway and thus the ownertrust
+ * value is irrelevant. */
write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
- pkhex, mainpkhex, get_ownertrust_info (mainpk));
+ pkhex, mainpkhex,
+ get_ownertrust_info (mainpk, 1));
}
diff --git a/g10/tdbdump.c b/g10/tdbdump.c
index be9d1f2..ab2f072 100644
--- a/g10/tdbdump.c
+++ b/g10/tdbdump.c
@@ -70,7 +70,7 @@ list_trustdb (estream_t fp, const char *username)
(void)username;
- init_trustdb();
+ init_trustdb (0);
/* For now we ignore the user ID. */
if (1)
{
@@ -101,7 +101,7 @@ export_ownertrust()
int i;
byte *p;
- init_trustdb();
+ init_trustdb (0);
es_printf (_("# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"),
asctimestamp( make_timestamp() ) );
@@ -133,7 +133,7 @@ import_ownertrust( const char *fname )
int any = 0;
int rc;
- init_trustdb();
+ init_trustdb (0);
if( iobuf_is_pipe_filename (fname) ) {
fp = es_stdin;
fname = "[stdin]";
diff --git a/g10/test-stubs.c b/g10/test-stubs.c
index 8752f88..a74df20 100644
--- a/g10/test-stubs.c
+++ b/g10/test-stubs.c
@@ -138,9 +138,10 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
}
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
(void)pk;
+ (void)no_create;
return '?';
}
diff --git a/g10/trust.c b/g10/trust.c
index b1fa3d6..d0ea77e 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -179,17 +179,18 @@ get_ownertrust (PKT_public_key *pk)
(void)pk;
return TRUST_UNKNOWN;
#else
- return tdb_get_ownertrust (pk);
+ return tdb_get_ownertrust (pk, 0);
#endif
}
/*
* Same as get_ownertrust but this takes the minimum ownertrust value
- * into account, and will bump up the value as needed.
+ * into account, and will bump up the value as needed. NO_CREATE
+ * inhibits creation of a trustdb it that does not yet exists.
*/
static int
-get_ownertrust_with_min (PKT_public_key *pk)
+get_ownertrust_with_min (PKT_public_key *pk, int no_create)
{
#ifdef NO_TRUST_MODELS
(void)pk;
@@ -197,8 +198,15 @@ get_ownertrust_with_min (PKT_public_key *pk)
#else
unsigned int otrust, otrust_min;
- otrust = (tdb_get_ownertrust (pk) & TRUST_MASK);
- otrust_min = tdb_get_min_ownertrust (pk);
+ /* Shortcut instead of doing the same twice in the two tdb_get
+ * functions: If the caller asked not to create a trustdb we call
+ * init_trustdb directly and allow it to fail with an error code for
+ * a non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
+ otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK);
+ otrust_min = tdb_get_min_ownertrust (pk, no_create);
if (otrust < otrust_min)
{
/* If the trust that the user has set is less than the trust
@@ -217,23 +225,25 @@ get_ownertrust_with_min (PKT_public_key *pk)
/*
* Same as get_ownertrust but return a trust letter instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
int
-get_ownertrust_info (PKT_public_key *pk)
+get_ownertrust_info (PKT_public_key *pk, int no_create)
{
- return trust_letter (get_ownertrust_with_min (pk));
+ return trust_letter (get_ownertrust_with_min (pk, no_create));
}
/*
* Same as get_ownertrust but return a trust string instead of an
- * value. This takes the minimum ownertrust value into account.
+ * value. This takes the minimum ownertrust value into account. If
+ * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/
const char *
-get_ownertrust_string (PKT_public_key *pk)
+get_ownertrust_string (PKT_public_key *pk, int no_create)
{
- return trust_value_to_string (get_ownertrust_with_min (pk));
+ return trust_value_to_string (get_ownertrust_with_min (pk, no_create));
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5f68012..f4df4c8 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -296,9 +296,9 @@ verify_own_keys(void)
keystr(k->kid));
else
{
- tdb_update_ownertrust (&pk,
- ((tdb_get_ownertrust (&pk) & ~TRUST_MASK)
- | TRUST_ULTIMATE ));
+ tdb_update_ownertrust
+ (&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK)
+ | TRUST_ULTIMATE ));
release_public_key_parts (&pk);
}
@@ -439,21 +439,34 @@ how_to_fix_the_trustdb ()
}
-void
-init_trustdb ()
+/* Initialize the trustdb. With NO_CREATE set a missing trustdb is
+ * not an error and the function won't terminate the process on error;
+ * in that case 0 is returned if there is a trustdb or an error code
+ * if no trustdb is available. */
+gpg_error_t
+init_trustdb (int no_create)
{
int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname;
if( trustdb_args.init )
- return;
+ return 0;
trustdb_args.init = 1;
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level, &trustdb_args.no_trustdb);
- if( rc )
+ int rc = tdbio_set_dbname (dbname, (!no_create && level),
+ &trustdb_args.no_trustdb);
+ if (no_create && trustdb_args.no_trustdb)
+ {
+ /* No trustdb found and the caller asked us not to create
+ * it. Return an error and set the initialization state
+ * back so that we always test for an existing trustdb. */
+ trustdb_args.init = 0;
+ return gpg_error (GPG_ERR_ENOENT);
+ }
+ if (rc)
log_fatal("can't init trustdb: %s\n", gpg_strerror (rc) );
}
else
@@ -493,6 +506,8 @@ init_trustdb ()
if(!tdbio_db_matches_options())
pending_check_trustdb=1;
}
+
+ return 0;
}
@@ -504,7 +519,7 @@ init_trustdb ()
void
check_trustdb (ctrl_t ctrl)
{
- init_trustdb();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
@@ -541,7 +556,7 @@ check_trustdb (ctrl_t ctrl)
void
update_trustdb (ctrl_t ctrl)
{
- init_trustdb ();
+ init_trustdb (0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1);
@@ -553,7 +568,7 @@ update_trustdb (ctrl_t ctrl)
void
tdb_revalidation_mark (void)
{
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
@@ -591,7 +606,7 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
{
TRUSTREC opts;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
@@ -622,7 +637,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
- init_trustdb();
+ init_trustdb (0);
rc = tdbio_search_trust_bypk (pk, rec);
if (rc)
{
@@ -642,12 +657,16 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
return 0;
}
-/****************
- * Return the assigned ownertrust value for the given public key.
- * The key should be the primary key.
+
+/*
+ * Return the assigned ownertrust value for the given public key. The
+ * key should be the primary key. If NO_CREATE is set a missing
+ * trustdb will not be created. This comes for example handy when we
+ * want to print status lines (DECRYPTION_KEY) which carry ownertrust
+ * values but we usually use --always-trust.
*/
unsigned int
-tdb_get_ownertrust ( PKT_public_key *pk)
+tdb_get_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -655,6 +674,12 @@ tdb_get_ownertrust ( PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -669,7 +694,7 @@ tdb_get_ownertrust ( PKT_public_key *pk)
unsigned int
-tdb_get_min_ownertrust (PKT_public_key *pk)
+tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
{
TRUSTREC rec;
gpg_error_t err;
@@ -677,6 +702,12 @@ tdb_get_min_ownertrust (PKT_public_key *pk)
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
+ /* If the caller asked not to create a trustdb we call init_trustdb
+ * directly and allow it to fail with an error code for a
+ * non-existing trustdb. */
+ if (no_create && init_trustdb (1))
+ return TRUST_UNKNOWN;
+
err = read_trust_record (pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */
@@ -808,7 +839,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec;
gpg_error_t err;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
@@ -915,7 +946,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
if (pk->flags.disabled_valid)
return pk->flags.disabled;
- init_trustdb();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
@@ -950,7 +981,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
{
static int did_nextcheck=0;
- init_trustdb ();
+ init_trustdb (0);
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
@@ -1021,7 +1052,7 @@ tdb_get_validity_core (ctrl_t ctrl,
(void)may_ask;
#endif
- init_trustdb ();
+ init_trustdb (0);
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
@@ -1036,7 +1067,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{
/* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */
- validity = tdb_get_ownertrust (main_pk);
+ validity = tdb_get_ownertrust (main_pk, 0);
goto leave;
}
@@ -1248,7 +1279,7 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
uid->help_marginal_count=uid->help_full_count=0;
- init_trustdb ();
+ init_trustdb (0);
if(read_trust_record (pk, &trec))
return;
@@ -1353,7 +1384,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
- ot = tdb_get_ownertrust (pk);
+ ot = tdb_get_ownertrust (pk, 0);
else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED;
else
@@ -2142,9 +2173,9 @@ validate_keys (ctrl_t ctrl, int interactive)
k->kid[1]=kid[1];
k->ownertrust =
(tdb_get_ownertrust
- (kar->keyblock->pkt->pkt.public_key) & TRUST_MASK);
+ (kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust
- (kar->keyblock->pkt->pkt.public_key);
+ (kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 6081d10..3088063 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -127,7 +127,7 @@ void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
-void init_trustdb( void );
+gpg_error_t init_trustdb (int no_create);
void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void );
@@ -152,10 +152,10 @@ void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth,
byte *min_cert_level);
-unsigned int tdb_get_ownertrust (PKT_public_key *pk);
-unsigned int tdb_get_min_ownertrust (PKT_public_key *pk);
-int get_ownertrust_info (PKT_public_key *pk);
-const char *get_ownertrust_string (PKT_public_key *pk);
+unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create);
+unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create);
+int get_ownertrust_info (PKT_public_key *pk, int no_create);
+const char *get_ownertrust_string (PKT_public_key *pk, int no_create);
void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int tdb_clear_ownertrusts (PKT_public_key *pk);
-----------------------------------------------------------------------
Summary of changes:
g10/gpgv.c | 3 +-
g10/keyedit.c | 4 +--
g10/keylist.c | 2 +-
g10/mainproc.c | 2 +-
g10/pkclist.c | 2 +-
g10/pubkey-enc.c | 7 ++++-
g10/tdbdump.c | 6 ++--
g10/test-stubs.c | 3 +-
g10/trust.c | 32 +++++++++++++--------
g10/trustdb.c | 85 ++++++++++++++++++++++++++++++++++++++------------------
g10/trustdb.h | 10 +++----
11 files changed, 102 insertions(+), 54 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list