core: New context flag "no-auto-check-trustdb"

* src/context.h (gpgme_context): Add field no_auto_check_trustdb.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Add flag
"no-auto-check-trustdb".
* src/engine-gpg.c (engine_gpg): Add flags.no_auto_check_trustdb.
(gpg_set_engine_flags): Set the flag.
(build_argv): Pass option to gpg.

* tests/run-keylist.c (show_usage, main): Add option --no-trust-check.
--

This makes the --no-auto-check-trustdb option available in the GPGME API
to disable the potentially expensive automatic trust database check.

GnuPG-bug-id: 6261
Ingo Klöcker 2022-11-04 10:21:25 +01:00
parent 9f5e117292
commit 4f874ea431
No known key found for this signature in database
GPG Key ID: F5A5D1692277A1E9
6 changed files with 51 additions and 0 deletions

4
NEWS

@ -1,6 +1,8 @@
Noteworthy changes in version 1.18.1 (unreleased)
-------------------------------------------------
* New context flag "no-auto-check-trustdb". [T6261]
* Optionally, build QGpgME for Qt 6
* cpp: Handle error when trying to sign expired keys. [T6155]
@ -15,6 +17,8 @@ Noteworthy changes in version 1.18.1 (unreleased)
* Interface changes relative to the 1.18.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_get_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'.
gpgme_set_ctx_flag EXTENDED: New flag 'no-auto-check-trustdb'.
cpp: GpgGenCardKeyInteractor::Curve NEW.
cpp: GpgGenCardKeyInteractor::setCurve NEW.


@ -3236,6 +3236,11 @@ The string given in @var{value} is passed to the GnuPG engine to use as
filter when importing keys. Valid values are documented in the GnuPG
manual and the gpg man page under the option @option{--import-filter}.
@item "no-auto-check-trustdb"
@since{1.18.1}
Setting the @var{value} to "1" forces the GPG backend to disable the
automatic check of the trust database.
@end table
This function returns @code{0} on success.


@ -134,6 +134,9 @@ struct gpgme_context
* after the operation. */
unsigned int ignore_mdc_error : 1;
/* True if the option --no-auto-check-trustdb shall be passed to gpg. */
unsigned int no_auto_check_trustdb : 1;
/* Pass --expert to gpg edit key. */
unsigned int extended_edit : 1;


@ -150,6 +150,7 @@ struct engine_gpg
unsigned int ignore_mdc_error : 1;
unsigned int include_key_block : 1;
unsigned int auto_key_import : 1;
unsigned int no_auto_check_trustdb : 1;
} flags;
/* NULL or the data object fed to --override_session_key-fd. */
@ -695,6 +696,8 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx)
if (ctx->include_key_block)
gpg->flags.include_key_block = 1;
}
gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb;
}
@ -934,6 +937,8 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
if (gpg->flags.offline)
argc++;
if (gpg->flags.no_auto_check_trustdb)
argc++;
if (gpg->pinentry_mode)
argc++;
if (!gpg->cmd.used)
@ -1070,6 +1075,19 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
}
if (gpg->flags.no_auto_check_trustdb)
{
argv[argc] = strdup ("--no-auto-check-trustdb");
if (!argv[argc])
{
int saved_err = gpg_error_from_syserror ();
free (fd_data_map);
free_argv (argv);
return saved_err;
}
argc++;
}
if (gpg->pinentry_mode && have_gpg_version (gpg, "2.1.0"))
{
const char *s = NULL;
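Review bot: The new block in build_argv appends `--no-auto-check-trustdb` with no condition on the operation, so once the context flag is set it appears to apply to every gpg invocation built here (verification and encryption as well as key listing), and nothing at this site says what that costs. With the automatic check disabled, gpg does not refresh the trust database on its own, so validity values returned to the caller can be stale until an explicit `gpg --check-trustdb` run. I would add a comment above the `if`, for example `/* Applies to all operations: key validity may be stale until the trustdb is checked explicitly. */`, and repeat that caveat in the manual entry for the flag. build_argv starts and ends outside the hunk, so whether another branch restricts the option cannot be seen from here.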


@ -607,6 +607,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
if (!ctx->import_filter)
err = gpg_error_from_syserror ();
}
else if (!strcmp (name, "no-auto-check-trustdb"))
{
ctx->no_auto_check_trustdb = abool;
}
else
err = gpg_error (GPG_ERR_UNKNOWN_NAME);
@ -688,6 +692,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
{
return ctx->import_filter? ctx->import_filter : "";
}
else if (!strcmp (name, "no-auto-check-trustdb"))
{
return ctx->no_auto_check_trustdb? "1":"";
}
else
return NULL;
}


@ -58,6 +58,7 @@ show_usage (int ex)
" --validate use GPGME_KEYLIST_MODE_VALIDATE\n"
" --import import all keys\n"
" --offline use offline mode\n"
" --no-trust-check disable automatic trust database check\n"
" --from-file list all keys in the given file\n"
" --from-wkd list key from a web key directory\n"
" --require-gnupg required at least the given GnuPG version\n"
@ -103,6 +104,7 @@ main (int argc, char **argv)
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
int only_secret = 0;
int offline = 0;
int no_trust_check = 0;
int from_file = 0;
int from_wkd = 0;
gpgme_data_t data = NULL;
@ -192,6 +194,11 @@ main (int argc, char **argv)
offline = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--no-trust-check"))
{
no_trust_check = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--from-file"))
{
from_file = 1;
@ -238,6 +245,12 @@ main (int argc, char **argv)
gpgme_set_offline (ctx, offline);
if (no_trust_check)
{
err = gpgme_set_ctx_flag (ctx, "no-auto-check-trustdb", "1");
fail_if_err (err);
}
if (trust_model)
{
err = gpgme_set_ctx_flag (ctx, "trust-model", trust_model);