Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog18
-rw-r--r--g10/delkey.c4
-rw-r--r--g10/keyedit.c27
-rw-r--r--g10/tdbio.c6
-rw-r--r--g10/tdbio.h2
-rw-r--r--g10/trustdb.c59
-rw-r--r--g10/trustdb.h3
7 files changed, 98 insertions, 21 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 8527827d8..fa0441ffe 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,21 @@
+2002-04-19 Werner Koch <[email protected]>
+
+ * tdbio.c (tdbio_write_nextcheck): Return a status whether the
+ stamp was actually changed.
+ * trustdb.c (revalidation_mark): Sync the changes. Removed the
+ sync operation done by its callers.
+ (get_validity): Add logic for maintaining a pending_check flag.
+ (clear_ownertrust): New.
+
+ * keyedit.c (sign_uids): Don't call revalidation_mark depending on
+ primary_pk.
+ (keyedit_menu): Call revalidation_mark after "trust".
+ (show_key_with_all_names): Print a warning on the wrong listed key
+ validity.
+
+ * delkey.c (do_delete_key): Clear the owenertrust information when
+ deleting a public key.
+
2002-04-18 Werner Koch <[email protected]>
* seskey.c (encode_md_value): Print an error message if a wrong
diff --git a/g10/delkey.c b/g10/delkey.c
index 0b51ea899..d16a076b4 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -156,6 +156,10 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
goto leave;
}
+ if (!secret && pk && clear_ownertrust (pk)) {
+ if (opt.verbose)
+ log_info (_("ownertrust information cleared\n"));
+ }
}
leave:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 786873d3d..23472d7c1 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -611,9 +611,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
if( node->flag & NODFLG_DELSIG)
delete_kbnode(node);
} /* end loop over signators */
- if( upd_trust && primary_pk ) {
+ if (upd_trust)
revalidation_mark ();
- }
leave:
@@ -799,7 +798,8 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
cmdPRIMARY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdADDPHOTO, cmdDELUID,
cmdADDKEY, cmdDELKEY, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST,
cmdPREF, cmdEXPIRE, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF,
- cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdNOP };
+ cmdSETPREF, cmdUPDPREF, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST,
+ cmdCHKTRUST, cmdNOP };
static struct { const char *name;
enum cmdids id;
int need_sk;
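Review bot: `cmdUPDTRUST` and `cmdCHKTRUST` are added to the enum, but none of the keyedit.c hunks on this page adds a command-table entry or a `case` for them, so they appear to be unused identifiers in this commit. Either add the table entries and handlers in the same change or leave the enum values out until they are wired up. The enum and the command table both continue outside this hunk, so this is inferred from the visible hunks only.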
@@ -1215,8 +1215,10 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
show_key_with_all_names( keyblock, 0, 0, 0, 1, 0 );
tty_printf("\n");
if( edit_ownertrust( find_kbnode( keyblock,
- PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) )
+ PKT_PUBLIC_KEY )->pkt->pkt.public_key, 1 ) ) {
redisplay = 1;
+ revalidation_mark ();
+ }
break;
case cmdPREF:
@@ -1439,6 +1441,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
{
KBNODE node;
int i, rc;
+ int do_warn = 0;
/* the keys */
for( node = keyblock; node; node = node->next ) {
@@ -1450,9 +1453,17 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
/* do it here, so that debug messages don't clutter the
* output */
-
+ static int did_warn = 0;
+
trust = get_validity_info (pk, NULL);
otrust = get_ownertrust_info (pk);
+
+ /* Show a warning once */
+ if (!did_warn
+ && (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK)) {
+ did_warn = 1;
+ do_warn = 1;
+ }
}
if(with_revoker)
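Review bot: Because `did_warn` is `static`, the pending-check warning is emitted once per process; every later redisplay in the same keyedit session shows a possibly stale validity with no hint, even though `TRUST_FLAG_PENDING_CHECK` is still set. A user who changes ownertrust several times sees the caveat only after the first change. Consider dropping the static latch and deriving the warning per call, `if (get_validity (pk, NULL) & TRUST_FLAG_PENDING_CHECK) do_warn = 1;`. The body of show_key_with_all_names continues outside this hunk.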
@@ -1549,6 +1560,12 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
}
}
}
+
+ if (do_warn)
+ tty_printf (_("Please note that the shown key validity "
+ "is not necessary correct\n"
+ "unless you restart the program.\n"));
+
}
static void
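Review bot: The user-facing string reads "is not necessary correct"; it should be `"is not necessarily correct\n"`. Since this text is what tells the user that the displayed validity may be stale, it is worth getting the wording right before translators pick it up.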
diff --git a/g10/tdbio.c b/g10/tdbio.c
index d404f3896..da71247ee 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -659,7 +659,8 @@ tdbio_read_nextcheck ()
return vr.r.ver.nextcheck;
}
-void
+/* Return true when the stamp was actually changed. */
+int
tdbio_write_nextcheck (ulong stamp)
{
TRUSTREC vr;
@@ -671,13 +672,14 @@ tdbio_write_nextcheck (ulong stamp)
db_name, g10_errstr(rc) );
if (vr.r.ver.nextcheck == stamp)
- return;
+ return 0;
vr.r.ver.nextcheck = stamp;
rc = tdbio_write_record( &vr );
if( rc )
log_fatal( _("%s: error writing version record: %s\n"),
db_name, g10_errstr(rc) );
+ return 1;
}
diff --git a/g10/tdbio.h b/g10/tdbio.h
index f1148240a..a1efa6751 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -95,7 +95,7 @@ int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec );
int tdbio_db_matches_options(void);
ulong tdbio_read_nextcheck (void);
-void tdbio_write_nextcheck (ulong stamp);
+int tdbio_write_nextcheck (ulong stamp);
int tdbio_is_dirty(void);
int tdbio_sync(void);
int tdbio_begin_transaction(void);
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 6d84c6796..4abdeeef1 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -71,9 +71,7 @@ static struct {
static struct key_item *user_utk_list; /* temp. used to store --trusted-keys */
static struct key_item *utk_list; /* all ultimately trusted keys */
-/* Keep track on whether we did an update trustDB already */
-static int did_nextcheck;
-
+static int pending_check_trustdb;
static int validate_keys (int interactive);
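Review bot: `pending_check_trustdb` replaces a commented variable with an uncommented one, although it now drives a flag that is returned to callers. A comment such as `/* Set when a trustdb check is due but has not been run in this process; get_validity then adds TRUST_FLAG_PENDING_CHECK. Cleared by validate_keys. */` would record the contract that the other hunks in this file rely on.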
@@ -499,7 +497,9 @@ revalidation_mark (void)
init_trustdb();
/* we simply set the time for the next check to 1 (far back in 1970)
* so that a --update-trustdb will be scheduled */
- tdbio_write_nextcheck (1);
+ if (tdbio_write_nextcheck (1))
+ do_sync ();
+ pending_check_trustdb = 1;
}
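Review bot: Making the sync conditional here, while the two update_ownertrust hunks below drop their own `do_sync();`, can leave an ownertrust record unsynced. When the nextcheck stamp is already 1 from an earlier mark, `tdbio_write_nextcheck (1)` returns 0 and nothing flushes the preceding `write_record`. The new clear_ownertrust has the same pattern. Unless write_record syncs on its own (not visible here), call `do_sync ();` unconditionally after `tdbio_write_nextcheck (1);`, or keep the `do_sync ();` in the callers. revalidation_mark starts above this hunk.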
@@ -593,7 +593,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
rec.r.trust.ownertrust = new_trust;
write_record( &rec );
revalidation_mark ();
- do_sync();
}
}
else if (rc == -1)
@@ -610,7 +609,6 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
rec.r.trust.ownertrust = new_trust;
write_record (&rec);
revalidation_mark ();
- do_sync();
rc = 0;
}
else
@@ -619,6 +617,34 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
}
}
+/* Clear the ownertrust value. Return true if a changed actually happend. */
+int
+clear_ownertrust (PKT_public_key *pk)
+{
+ TRUSTREC rec;
+ int rc;
+
+ rc = read_trust_record (pk, &rec);
+ if (!rc)
+ {
+ if (DBG_TRUST)
+ log_debug ("clearing ownertrust (old value %u)\n",
+ (unsigned int)rec.r.trust.ownertrust);
+ if (rec.r.trust.ownertrust)
+ {
+ rec.r.trust.ownertrust = 0;
+ write_record( &rec );
+ revalidation_mark ();
+ return 1;
+ }
+ }
+ else if (rc != -1)
+ {
+ tdbio_invalid ();
+ }
+ return 0;
+}
+
/*
* Note: Caller has to do a sync
*/
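Review bot: The header comment on clear_ownertrust has two typos and leaves the 0 return ambiguous. I would write `/* Clear the ownertrust value. Return true if a change actually happened. */` and add a second line noting that 0 is also returned when no trust record exists (`rc == -1`) or the stored ownertrust was already 0. The only caller in this diff, do_delete_key, uses the result just to decide whether to log, so the distinction matters mainly to future callers.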
@@ -723,6 +749,7 @@ clear_validity (PKT_public_key *pk)
unsigned int
get_validity (PKT_public_key *pk, const byte *namehash)
{
+ static int did_nextcheck;
TRUSTREC trec, vrec;
int rc;
ulong recno;
@@ -739,12 +766,16 @@ get_validity (PKT_public_key *pk, const byte *namehash)
scheduled = tdbio_read_nextcheck ();
if (scheduled && scheduled <= make_timestamp ())
{
- if (opt.no_auto_check_trustdb)
- log_info ("please do a --check-trustdb\n");
- else {
- log_info (_("checking the trustdb\n"));
- validate_keys (0);
- }
+ if (opt.no_auto_check_trustdb)
+ {
+ pending_check_trustdb = 1;
+ log_info ("please do a --check-trustdb\n");
+ }
+ else
+ {
+ log_info (_("checking the trustdb\n"));
+ validate_keys (0);
+ }
}
}
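Review bot: In the automatic branch the result of `validate_keys (0)` is ignored, and `pending_check_trustdb` is set only in the `no_auto_check_trustdb` branch. If the check fails, get_validity can therefore return values without TRUST_FLAG_PENDING_CHECK even though no check completed. Setting `pending_check_trustdb = 1;` before `validate_keys (0);` would cover that case, relying on the validate_keys hunk to clear it after `do_sync ()`; whether that clear sits on a success-only path cannot be confirmed from the lines shown. Separately, `"please do a --check-trustdb\n"` is the only message in this block not wrapped in `_()`.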
@@ -805,6 +836,9 @@ get_validity (PKT_public_key *pk, const byte *namehash)
* I initially designed it that way */
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
+
+ if (pending_check_trustdb)
+ validity |= TRUST_FLAG_PENDING_CHECK;
if (main_pk != pk)
free_public_key (main_pk);
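Review bot: `TRUST_FLAG_PENDING_CHECK` is 256, the first trust flag that does not fit in eight bits (the neighbouring flags in the trustdb.h hunk are 32, 64 and 128). It is OR-ed into every value get_validity returns while a check is pending. Callers outside this diff that keep the result in a byte-sized field, or compare it without `& TRUST_MASK`, would silently drop or misread it, so they are worth auditing. If the flag is meant to be runtime-only, a note on the define such as `/* returned by get_validity only, never written to the trustdb */` would make that explicit.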
@@ -1605,6 +1639,7 @@ validate_keys (int interactive)
strtimestamp (next_expire));
}
do_sync ();
+ pending_check_trustdb = 0;
}
return rc;
}
diff --git a/g10/trustdb.h b/g10/trustdb.h
index e9c62670c..2a1297044 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -35,7 +35,7 @@
#define TRUST_FLAG_REVOKED 32 /* r: revoked */
#define TRUST_FLAG_SUB_REVOKED 64 /* r: revoked but for subkeys */
#define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */
-
+#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
/*-- trustdb.c --*/
void register_trusted_key( const char *string );
@@ -62,6 +62,7 @@ void enum_cert_paths_print( void **context, FILE *fp,
unsigned int get_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
+int clear_ownertrust (PKT_public_key *pk);
/*-- tdbdump.c --*/