[git] GnuPG - branch, master, updated. gnupg-2.2.7-222-g150a33d

by Werner Koch cvs at cvs.gnupg.org
Wed Oct 10 11:47:25 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  150a33df41944d764621f037038683f3d605aa3f (commit)
      from  b6275f3bda8edff34274c5b921508567f491ab9c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 150a33df41944d764621f037038683f3d605aa3f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Oct 10 11:46:16 2018 +0200

    gpg: Don't take a TOFU trust model from the trustdb.
    
    * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
    (create_version_record): Don't init as TOFU.
    (tdbio_db_matches_options): Don't indicate a change in case TOFU is
    stored in an old trustdb file.
    --
    
    This change allows switching between a tofu and pgp or tofu+pgp trust
    model without an auto rebuild of the trustdb.  This also requires that
    the tofu trust model is requested on the command line.  If TOFU will
    ever be the default we need to tweak the model detection via TM_AUTO
    by also looking into the TOFU data base.
    
    GnuPG-bug-id: 4134

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 843e91c..ba1df4b 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1724,7 +1724,8 @@ Set what trust model GnuPG should follow. The models are:
   @opindex trust-model:auto
   Select the trust model depending on whatever the internal trust
   database says. This is the default model if such a database already
-  exists.
+  exists.  Note that a tofu trust model is not considered here and
+  must be enabled explicitly.
 @end table
 
 @item --auto-key-locate @var{mechanisms}
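Review bot: the sentence added under trust-model:auto says a tofu model "must be enabled explicitly" but does not say how. Suggest naming the option values, for example "must be requested with --trust-model tofu or --trust-model tofu+pgp", so the reader does not have to search the table for them. The new text also writes "tofu" in lower case while the code comments in the same commit use "TOFU"; pick one spelling for the manual.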
diff --git a/g10/tdbio.c b/g10/tdbio.c
index fed0cf5..8f75306 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -562,6 +562,12 @@ tdbio_update_version_record (ctrl_t ctrl)
 {
   TRUSTREC rec;
   int rc;
+  int opt_tm;
+
+  /* Never store a TOFU trust model in the trustdb.  Use PGP instead.  */
+  opt_tm = opt.trust_model;
+  if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+    opt_tm = TM_PGP;
 
   memset (&rec, 0, sizeof rec);
 
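Review bot: the opt_tm block added at the top of tdbio_update_version_record is repeated verbatim in create_version_record and again, for both tm and opt_tm, in tdbio_db_matches_options. A small static helper in tdbio.c that maps TM_TOFU and TM_TOFU_PGP to TM_PGP would keep all of these places in step if another model value ever needs the same treatment.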
@@ -572,7 +578,7 @@ tdbio_update_version_record (ctrl_t ctrl)
       rec.r.ver.marginals   = opt.marginals_needed;
       rec.r.ver.completes   = opt.completes_needed;
       rec.r.ver.cert_depth  = opt.max_cert_depth;
-      rec.r.ver.trust_model = opt.trust_model;
+      rec.r.ver.trust_model = opt_tm;
       rec.r.ver.min_cert_level = opt.min_cert_level;
       rc = tdbio_write_record (ctrl, &rec);
     }
@@ -591,6 +597,12 @@ create_version_record (ctrl_t ctrl)
 {
   TRUSTREC rec;
   int rc;
+  int opt_tm;
+
+  /* Never store a TOFU trust model in the trustdb.  Use PGP instead.  */
+  opt_tm = opt.trust_model;
+  if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+    opt_tm = TM_PGP;
 
   memset (&rec, 0, sizeof rec);
   rec.r.ver.version     = 3;
@@ -598,8 +610,8 @@ create_version_record (ctrl_t ctrl)
   rec.r.ver.marginals   = opt.marginals_needed;
   rec.r.ver.completes   = opt.completes_needed;
   rec.r.ver.cert_depth  = opt.max_cert_depth;
-  if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
-    rec.r.ver.trust_model = opt.trust_model;
+  if (opt_tm == TM_PGP || opt_tm == TM_CLASSIC)
+    rec.r.ver.trust_model = opt_tm;
   else
     rec.r.ver.trust_model = TM_PGP;
   rec.r.ver.min_cert_level = opt.min_cert_level;
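Review bot: in create_version_record the switch from opt.trust_model to opt_tm does not change what gets stored. The condition only accepts TM_PGP or TM_CLASSIC and the else branch already writes TM_PGP, so a TOFU value in opt.trust_model ended up as TM_PGP before this change as well. Either keep the original test on opt.trust_model and drop the added opt_tm block from this function, or extend the comment to say the mapping is kept here only for symmetry with tdbio_update_version_record.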
@@ -883,16 +895,25 @@ tdbio_db_matches_options()
     {
       TRUSTREC vr;
       int rc;
+      int opt_tm, tm;
 
       rc = tdbio_read_record (0, &vr, RECTYPE_VER);
       if( rc )
 	log_fatal( _("%s: error reading version record: %s\n"),
 		   db_name, gpg_strerror (rc) );
 
+      /* Consider tofu and pgp the same.  */
+      tm = vr.r.ver.trust_model;
+      if (tm == TM_TOFU || tm == TM_TOFU_PGP)
+        tm = TM_PGP;
+      opt_tm  = opt.trust_model;
+      if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+        opt_tm = TM_PGP;
+
       yes_no = vr.r.ver.marginals == opt.marginals_needed
 	&& vr.r.ver.completes == opt.completes_needed
 	&& vr.r.ver.cert_depth == opt.max_cert_depth
-	&& vr.r.ver.trust_model == opt.trust_model
+	&& tm == opt_tm
 	&& vr.r.ver.min_cert_level == opt.min_cert_level;
     }
 
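Review bot: the comparison in tdbio_db_matches_options now hides a stored TM_TOFU or TM_TOFU_PGP, but nothing in this hunk rewrites the version record, so an old trustdb file keeps the TOFU value in vr.r.ver.trust_model until the record is next updated. Any other code that reads that field directly needs the same mapping, otherwise it can still pick up a TOFU model from the file, which is what the commit subject says should no longer happen. Please confirm the reader used for TM_AUTO is covered, or point to it in the commit message. Minor style point: "opt_tm  = opt.trust_model;" has a double space before the "=".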

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi |  3 ++-
 g10/tdbio.c  | 29 +++++++++++++++++++++++++----
 2 files changed, 27 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



