From 99ef78aa0ca7e48ceba400e1a43f8185cf9bbf71 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Sat, 13 Nov 2021 20:34:06 +0100
Subject: gpg: Remove stale ultimately trusted keys from the trustdb.

* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.
--

GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'g10/trust.c')

diff --git a/g10/trust.c b/g10/trust.c
index 67cb1029b..3f53e4bf3 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -267,7 +267,7 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
   (void)pk;
   (void)new_trust;
 #else
-  tdb_update_ownertrust (ctrl, pk, new_trust);
+  tdb_update_ownertrust (ctrl, pk, new_trust, 0);
 #endif
 }
 
-- 
cgit v1.2.3