authorIngo Klöcker <[email protected]>2022-11-04 09:21:25 +0000
committerIngo Klöcker <[email protected]>2022-11-04 09:38:41 +0000
commit4f874ea431ba68ba70cf569741488502b1f61e66 (patch)
tree9b17d35addc0d86ecbb60bbf51a9004932de34b6
parentbuild: Update libassuan.m4. (diff)
core: New context flag "no-auto-check-trustdb"
* src/context.h (gpgme_context): Add field no_auto_check_trustdb. * src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag "no-auto-check-trustdb". * src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb. (gpg_set_engine_flags): Set the flag. (build_argv): Pass option to gpg. * tests/run-keylist.c (show_usage, main): Add option --no-trust-check. -- This makes the --no-auto-check-trustdb option available in the GPGME API to disable the potentially expensive automatic trust database check. GnuPG-bug-id: 6261
-rw-r--r--NEWS4
-rw-r--r--doc/gpgme.texi5
-rw-r--r--src/context.h3
-rw-r--r--src/engine-gpg.c18
-rw-r--r--src/gpgme.c8
-rw-r--r--tests/run-keylist.c13
6 files changed, 51 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index fc434647..c6cec593 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
Noteworthy changes in version 1.18.1 (unreleased)
-------------------------------------------------
+ * New context flag "no-auto-check-trustdb". [T6261]
+
* Optionally, build QGpgME for Qt 6
* cpp: Handle error when trying to sign expired keys. [T6155]
@@ -15,6 +17,8 @@ Noteworthy changes in version 1.18.1 (unreleased)
* Interface changes relative to the 1.18.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gpgme_get_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'.
+ gpgme_set_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'.
cpp: GpgGenCardKeyInteractor::Curve NEW.
cpp: GpgGenCardKeyInteractor::setCurve NEW.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index b707b93f..327a5ea1 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3236,6 +3236,11 @@ The string given in @var{value} is passed to the GnuPG engine to use as
filter when importing keys. Valid values are documented in the GnuPG
manual and the gpg man page under the option @option{--import-filter}.
+@item "no-auto-check-trustdb"
+@since{1.18.1}
+Setting the @var{value} to "1" forces the GPG backend to disable the
+automatic check of the trust database.
+
@end table
This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index e976ba3f..7a1b9ada 100644
--- a/src/context.h
+++ b/src/context.h
@@ -134,6 +134,9 @@ struct gpgme_context
* after the operation. */
unsigned int ignore_mdc_error : 1;
+ /* True if the option --no-auto-check-trustdb shall be passed to gpg. */
+ unsigned int no_auto_check_trustdb : 1;
+
/* Pass --expert to gpg edit key. */
unsigned int extended_edit : 1;
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 3bf5223c..9d20f2ba 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -150,6 +150,7 @@ struct engine_gpg
unsigned int ignore_mdc_error : 1;
unsigned int include_key_block : 1;
unsigned int auto_key_import : 1;
+ unsigned int no_auto_check_trustdb : 1;
} flags;
/* NULL or the data object fed to --override_session_key-fd. */
@@ -695,6 +696,8 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx)
if (ctx->include_key_block)
gpg->flags.include_key_block = 1;
}
+
+ gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb;
}
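Review bot: The `!!` in `gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb;` is redundant, because both fields are added by this commit as `unsigned int ... : 1` and can only hold 0 or 1. More worth recording is that this flag is assigned unconditionally, while the neighbouring `include_key_block` is only ever set to 1. If an engine object can see more than one call to gpg_set_engine_flags (not visible here), only this flag would follow the context back to 0. A comment such as `/* Assigned, not just set, so clearing the context flag is honoured. */` would show that the difference is intentional. The function begins outside the hunk.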
@@ -934,6 +937,8 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
if (gpg->flags.offline)
argc++;
+ if (gpg->flags.no_auto_check_trustdb)
+ argc++;
if (gpg->pinentry_mode)
argc++;
if (!gpg->cmd.used)
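Review bot: The `argc++` added here for `gpg->flags.no_auto_check_trustdb` must stay guarded by exactly the same condition as the `strdup ("--no-auto-check-trustdb")` block added in the later build_argv hunk, and nothing at either site says so. If argv is sized from this first-pass count, as the structure suggests (the allocation is outside the hunk), a future mismatch between the two conditions would write past the end of the array. Both sides are gated on the flag alone today, so they agree. A short comment on the counting line, for example `/* Keep in sync with the --no-auto-check-trustdb emit below. */`, would make the invariant explicit. build_argv starts and ends outside both hunks.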
@@ -1070,6 +1075,19 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
}
+ if (gpg->flags.no_auto_check_trustdb)
+ {
+ argv[argc] = strdup ("--no-auto-check-trustdb");
+ if (!argv[argc])
+ {
+ int saved_err = gpg_error_from_syserror ();
+ free (fd_data_map);
+ free_argv (argv);
+ return saved_err;
+ }
+ argc++;
+ }
+
if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0"))
{
const char *s = NULL;
diff --git a/src/gpgme.c b/src/gpgme.c
index ed15912a..135a75a7 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -607,6 +607,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
if (!ctx->import_filter)
err = gpg_error_from_syserror ();
}
+ else if (!strcmp (name, "no-auto-check-trustdb"))
+ {
+ ctx->no_auto_check_trustdb = abool;
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_NAME);
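Review bot: The new `no-auto-check-trustdb` branch exposes a switch that the commit describes only as a performance knob, and nothing in the code states the trade-off for trust decisions. With gpg's automatic check disabled, the validity reported for keys presumably reflects whatever the trust database last computed. Changes in the web of trust, such as an expired or revoked certifying key, may then not show up until a check is run explicitly. I would add a comment above the branch, for example `/* Caller takes over keeping the trustdb current; reported validity may be stale. */`, and mirror that caveat in the manual entry. `abool` and the rest of gpgme_set_ctx_flag are defined outside the hunk.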
@@ -688,6 +692,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
{
return ctx->import_filter? ctx->import_filter : "";
}
+ else if (!strcmp (name, "no-auto-check-trustdb"))
+ {
+ return ctx->no_auto_check_trustdb? "1":"";
+ }
else
return NULL;
}
diff --git a/tests/run-keylist.c b/tests/run-keylist.c
index 27cdbb2a..929cb1d8 100644
--- a/tests/run-keylist.c
+++ b/tests/run-keylist.c
@@ -58,6 +58,7 @@ show_usage (int ex)
" --validate use GPGME_KEYLIST_MODE_VALIDATE\n"
" --import import all keys\n"
" --offline use offline mode\n"
+ " --no-trust-check disable automatic trust database check\n"
" --from-file list all keys in the given file\n"
" --from-wkd list key from a web key directory\n"
" --require-gnupg required at least the given GnuPG version\n"
@@ -103,6 +104,7 @@ main (int argc, char **argv)
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
int only_secret = 0;
int offline = 0;
+ int no_trust_check = 0;
int from_file = 0;
int from_wkd = 0;
gpgme_data_t data = NULL;
@@ -192,6 +194,11 @@ main (int argc, char **argv)
offline = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--no-trust-check"))
+ {
+ no_trust_check = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--from-file"))
{
from_file = 1;
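Review bot: The option name `--no-trust-check` matched here reads as if trust evaluation itself were switched off, whereas the later main hunk only sets the `no-auto-check-trustdb` context flag. Naming the test option after the flag, e.g. `--no-auto-check-trustdb`, would avoid that misreading when the tool is used to reproduce trust-related reports. The usage string added in show_usage would need the same rename. The option-parsing loop continues outside the hunk.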
@@ -238,6 +245,12 @@ main (int argc, char **argv)
gpgme_set_offline (ctx, offline);
+ if (no_trust_check)
+ {
+ err = gpgme_set_ctx_flag (ctx, "no-auto-check-trustdb", "1");
+ fail_if_err (err);
+ }
+
if (trust_model)
{
err = gpgme_set_ctx_flag (ctx, "trust-model", trust_model);