authorNeal H. Walfield <[email protected]>2015-10-21 11:28:15 +0000
committerNeal H. Walfield <[email protected]>2015-10-21 11:45:48 +0000
commitd05ff81732e20e6f9d6d7a6281a96a312b001abb (patch)
tree4e158b62458e076486e589144e9bc0df2fc884c3
parentgpg: Factor out code into a standalone function. (diff)
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as possibly saved trust models. Also register the ultimately trusted keys if the trust model is tofu or tofu+pgp. (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp. (update_trustdb): Likewise. (tdb_check_trustdb_stale): Likewise. (validate_keys): If the trust model is TOFU, just write out the ultimately trusted keys. -- Signed-off-by: Neal H. Walfield <[email protected]>
Diffstat (limited to '')
-rw-r--r--g10/trustdb.c25
1 files changed, 18 insertions, 7 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 1be98b5f5..296083c18 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -459,9 +459,11 @@ init_trustdb ()
opt.trust_model=tdbio_read_model();
/* Sanity check this ;) */
- if(opt.trust_model!=TM_CLASSIC
- && opt.trust_model!=TM_PGP
- && opt.trust_model!=TM_EXTERNAL)
+ if(opt.trust_model != TM_CLASSIC
+ && opt.trust_model != TM_PGP
+ && opt.trust_model != TM_TOFU_PGP
+ && opt.trust_model != TM_TOFU
+ && opt.trust_model != TM_EXTERNAL)
{
log_info(_("unable to use unknown trust model (%d) - "
"assuming %s trust model\n"),opt.trust_model,"PGP");
@@ -472,7 +474,8 @@ init_trustdb ()
log_info(_("using %s trust model\n"),trust_model_string());
}
- if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ if (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC
+ || opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
{
/* Verify the list of ultimately trusted keys and move the
--trusted-keys list there as well. */
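Review bot: The four-way trust-model test is now written out by hand here in init_trustdb and again in check_trustdb, update_trustdb and tdb_check_trustdb_stale, with TM_TOFU and TM_TOFU_PGP in a different order and with mixed `==` spacing on this copy. If a later model is added at only some of these sites, the trustdb would silently stop being checked or refreshed for it while init_trustdb still accepts it, so stale validity could be relied on. A single predicate avoids that, and each call site then reads `if (trust_model_uses_trustdb ())`. The sanity check earlier in init_trustdb is a related but distinct list (it also admits TM_EXTERNAL) and would benefit from a comment saying so. The helper name below is only a suggestion, and init_trustdb's body starts and ends outside the hunk.

```c
/* Return true if the active trust model keeps validity data in the
   trustdb, i.e. the trustdb has to be checked and updated for it.  */
static int
trust_model_uses_trustdb (void)
{
  return (opt.trust_model == TM_PGP
          || opt.trust_model == TM_CLASSIC
          || opt.trust_model == TM_TOFU
          || opt.trust_model == TM_TOFU_PGP);
}

/* … unchanged: rest of init_trustdb up to the ultimately-trusted-keys step … */
  if (trust_model_uses_trustdb ())
```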
@@ -494,7 +497,8 @@ void
check_trustdb ()
{
init_trustdb();
- if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+ || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{
if (opt.batch && !opt.answer_yes)
{
@@ -530,7 +534,8 @@ void
update_trustdb()
{
init_trustdb();
- if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+ || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (1);
else
log_info (_("no need for a trustdb update with '%s' trust model\n"),
@@ -946,7 +951,8 @@ tdb_check_trustdb_stale (void)
return; /* No trustdb => can't be stale. */
if (!did_nextcheck
- && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
+ && (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
+ || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU))
{
ulong scheduled;
@@ -1938,6 +1944,11 @@ validate_keys (int interactive)
do_sync ();
}
+ if (opt.trust_model == TM_TOFU)
+ /* In the TOFU trust model, we only need to save the ultimately
+ trusted keys. */
+ goto leave;
+
klist = utk_list;
log_info(_("%d marginal(s) needed, %d complete(s) needed, %s trust model\n"),
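Review bot: The early exit added before `klist = utk_list;` hangs a multi-line comment plus `goto leave;` off an unbraced `if`. Please brace it so a later edit cannot detach the jump from its condition: `if (opt.trust_model == TM_TOFU) { /* ... */ goto leave; }`. The `leave` label and the start of validate_keys are outside the hunk, so two things cannot be confirmed from here: that this path still records the next-check time, and that validity computed under an earlier pgp-model run is reset before the jump. If either does not hold, the comment should explain why leftover entries are harmless under pure TOFU. The comment could also state that tofu+pgp deliberately falls through to the full web-of-trust pass.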