From 4f874ea431ba68ba70cf569741488502b1f61e66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= Date: Fri, 4 Nov 2022 10:21:25 +0100 Subject: [PATCH] core: New context flag "no-auto-check-trustdb" * src/context.h (gpgme_context): Add field no_auto_check_trustdb. * src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag "no-auto-check-trustdb". * src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb. (gpg_set_engine_flags): Set the flag. (build_argv): Pass option to gpg. * tests/run-keylist.c (show_usage, main): Add option --no-trust-check. -- This makes the --no-auto-check-trustdb option available in the GPGME API to disable the potentially expensive automatic trust database check. GnuPG-bug-id: 6261 --- NEWS | 4 ++++ doc/gpgme.texi | 5 +++++ src/context.h | 3 +++ src/engine-gpg.c | 18 ++++++++++++++++++ src/gpgme.c | 8 ++++++++ tests/run-keylist.c | 13 +++++++++++++ 6 files changed, 51 insertions(+) diff --git a/NEWS b/NEWS index fc434647..c6cec593 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 1.18.1 (unreleased) ------------------------------------------------- + * New context flag "no-auto-check-trustdb". [T6261] + * Optionally, build QGpgME for Qt 6 * cpp: Handle error when trying to sign expired keys. [T6155] @@ -15,6 +17,8 @@ Noteworthy changes in version 1.18.1 (unreleased) * Interface changes relative to the 1.18.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_get_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'. + gpgme_set_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'. cpp: GpgGenCardKeyInteractor::Curve NEW. cpp: GpgGenCardKeyInteractor::setCurve NEW. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index b707b93f..327a5ea1 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3236,6 +3236,11 @@ The string given in @var{value} is passed to the GnuPG engine to use as filter when importing keys. Valid values are documented in the GnuPG manual and the gpg man page under the option @option{--import-filter}. +@item "no-auto-check-trustdb" +@since{1.18.1} +Setting the @var{value} to "1" forces the GPG backend to disable the +automatic check of the trust database. + @end table This function returns @code{0} on success. diff --git a/src/context.h b/src/context.h index e976ba3f..7a1b9ada 100644 --- a/src/context.h +++ b/src/context.h @@ -134,6 +134,9 @@ struct gpgme_context * after the operation. */ unsigned int ignore_mdc_error : 1; + /* True if the option --no-auto-check-trustdb shall be passed to gpg. */ + unsigned int no_auto_check_trustdb : 1; + /* Pass --expert to gpg edit key. */ unsigned int extended_edit : 1; diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3bf5223c..9d20f2ba 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -150,6 +150,7 @@ struct engine_gpg unsigned int ignore_mdc_error : 1; unsigned int include_key_block : 1; unsigned int auto_key_import : 1; + unsigned int no_auto_check_trustdb : 1; } flags; /* NULL or the data object fed to --override_session_key-fd. */ @@ -695,6 +696,8 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx) if (ctx->include_key_block) gpg->flags.include_key_block = 1; } + + gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb; } @@ -934,6 +937,8 @@ build_argv (engine_gpg_t gpg, const char *pgmname) argc++; if (gpg->flags.offline) argc++; + if (gpg->flags.no_auto_check_trustdb) + argc++; if (gpg->pinentry_mode) argc++; if (!gpg->cmd.used) 
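Review bot: In gpg_set_engine_flags the new assignment `gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb;` sits after the closing brace of the preceding conditional block, so the flag appears to apply to every gpg invocation made through the context, not only key listings, and nothing here tells callers what that implies. With the automatic check off, gpg presumably reports key validity from whatever the trust database last computed, which matters when the same context is later used to verify or encrypt. I would add a comment above the assignment such as `/* Applies to all operations; validity may be stale until the trustdb is checked by other means. */`. The function body starts outside the hunk.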
@@ -1070,6 +1075,19 @@ build_argv (engine_gpg_t gpg, const char *pgmname) argc++; } + if (gpg->flags.no_auto_check_trustdb) + { + argv[argc] = strdup ("--no-auto-check-trustdb"); + if (!argv[argc]) + { + int saved_err = gpg_error_from_syserror (); + free (fd_data_map); + free_argv (argv); + return saved_err; + } + argc++; + } + if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0")) { const char *s = NULL; diff --git a/src/gpgme.c b/src/gpgme.c index ed15912a..135a75a7 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -607,6 +607,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) if (!ctx->import_filter) err = gpg_error_from_syserror (); } + else if (!strcmp (name, "no-auto-check-trustdb")) + { + ctx->no_auto_check_trustdb = abool; + } else err = gpg_error (GPG_ERR_UNKNOWN_NAME); @@ -688,6 +692,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { return ctx->import_filter? ctx->import_filter : ""; } + else if (!strcmp (name, "no-auto-check-trustdb")) + { + return ctx->no_auto_check_trustdb? "1":""; + } else return NULL; } diff --git a/tests/run-keylist.c b/tests/run-keylist.c index 27cdbb2a..929cb1d8 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -58,6 +58,7 @@ show_usage (int ex) " --validate use GPGME_KEYLIST_MODE_VALIDATE\n" " --import import all keys\n" " --offline use offline mode\n" + " --no-trust-check disable automatic trust database check\n" " --from-file list all keys in the given file\n" " --from-wkd list key from a web key directory\n" " --require-gnupg required at least the given GnuPG version\n" @@ -103,6 +104,7 @@ main (int argc, char **argv) gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; int only_secret = 0; int offline = 0; + int no_trust_check = 0; int from_file = 0; int from_wkd = 0; gpgme_data_t data = NULL; 
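Review bot: The new block in build_argv appends `--no-auto-check-trustdb` with no version test, while the pinentry-mode block directly below it is gated with `have_gpg_version (gpg, "2.1.0")`. If that is deliberate because every gpg release the engine supports accepts the option, a one-line comment would save the next reader from checking, for example `/* Understood by all supported gpg versions, so no version check. */`. The count added in the earlier build_argv hunk (`if (gpg->flags.no_auto_check_trustdb) argc++;`) matches this block, so the argv sizing stays consistent. build_argv starts and ends outside the hunk.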
@@ -192,6 +194,11 @@ main (int argc, char **argv) offline = 1; argc--; argv++; } + else if (!strcmp (*argv, "--no-trust-check")) + { + no_trust_check = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--from-file")) { from_file = 1; @@ -238,6 +245,12 @@ main (int argc, char **argv) gpgme_set_offline (ctx, offline); + if (no_trust_check) + { + err = gpgme_set_ctx_flag (ctx, "no-auto-check-trustdb", "1"); + fail_if_err (err); + } + if (trust_model) { err = gpgme_set_ctx_flag (ctx, "trust-model", trust_model);