author Werner Koch <[email protected]> 2024-10-07 07:59:26 +0000
committer Werner Koch <[email protected]> 2024-10-07 07:59:26 +0000
commit b287fb577587655559fefb90f7ed90c9a15dc6a3
tree 774d9420bb52c659c230c283d474c1634ff1dcf7 /doc
parent gpg: Emit status error for an invalid ADSK.
Implement GNUPG_ASSUME_COMPLIANCE envvar for testing
* common/compliance.c (assumed_de_vs_compliance): New.
(get_compliance_cache): Check envvar and fake compliance.
(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked mode.
* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
--

The user visible changes are that

  GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
    | awk -F: '$1=="compliance_de_vs" {print $8}'

returns 2023 if "compliance de-vs" is found in gpg.conf.  If
eventually the software is approved the returned value will be 23 and
not 1 as it was before.  Consumers should check whether they see value
of true (Kleopatra does this right now) and also check whether the
value is > 2000 and in this case print a beta/non-approved warning.

The envvar is currently used to assume that the underlying libgcrypt
is compliant and approved.  This is not yet the case but eventually
libgcrypt will announce this itself and from then on the envvar is not
anymore required for testing.
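
The consumer-side check described in the commit message, as an added example that is not part of the commit or of GnuPG. The function name classify_de_vs and the sample line are constructed for illustration; the only layout assumed is the one the awk one-liner above relies on (option name in field 1, value in field 8).

```shell
#!/bin/sh
# Added example (not GnuPG code): classify the de-vs compliance value found
# in `gpgconf --list-options gpg` style colon-delimited lines read from stdin.
# classify_de_vs is a hypothetical helper name.
classify_de_vs() {
    # Field 1 is the option name, field 8 the value, as in the commit message.
    value=$(awk -F: '$1 == "compliance_de_vs" { print $8; exit }')
    case "$value" in
        '' | *[!0-9]*)
            # Option missing, empty, or not a decimal number: do not guess.
            echo "unknown"
            return 0
            ;;
    esac
    if [ "$value" -eq 0 ]; then
        echo "not-compliant"
    elif [ "$value" -gt 2000 ]; then
        # E.g. 2023: compliance is only assumed, the software is not approved.
        # A front end should show a beta/non-approved warning here.
        echo "compliant-unapproved"
    else
        # Any other true value, e.g. 23 (or 1 from versions before this change).
        echo "compliant"
    fi
}

# Constructed sample line; only fields 1 and 8 are meaningful here.
printf 'compliance_de_vs:16:3::1:1::2023::\n' | classify_de_vs
```

In real use the input would come from `gpgconf --list-options gpg` instead of the constructed printf line.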
Diffstat (limited to 'doc')
-rw-r--r-- doc/DETAILS | 2
-rw-r--r-- doc/gpg.texi | 8
2 files changed, 10 insertions, 0 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index d50de6d60..a02456499 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -257,6 +257,8 @@ described here.
- 8 :: The key is compliant with RFC4880bis
- 23 :: The key is compliant with compliance mode "de-vs".
+ - 2023 :: The key is compliant with a compliance mode "de-vs" but
+ the software has not yet been approved.
- 6001 :: Screening hit on the ROCA vulnerability.
*** Field 19 - Last update
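Review bot: The added 2023 entry reads "compliant with a compliance mode "de-vs"", while the 23 entry just above it reads "compliant with compliance mode "de-vs""; drop the stray "a" so the two entries stay parallel. Since this file is what parsers of the field are written against, the entry should also state the rule the commit message gives to consumers: a value above 2000 means the compliance is only assumed (faked mode) and a non-approved warning should be shown.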
diff --git a/doc/gpg.texi b/doc/gpg.texi
index e88ba8589..9aac29fb2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -4205,6 +4205,14 @@ Operation is further controlled by a few environment variables:
A numeric decimal value is expected. Bit 0 enables general
diagnostics, bit 1 enables certain warnings on Windows.
+
+ @item GNUPG_ASSUME_COMPLIANCE
+ @efindex GNUPG_ASSUME_COMPLIANCE
+ Debug helper to set the system into an assume compliance state. For
+ example in de-vs mode this will return 2023 as identifier instead of
+ 23.
+
+
@end table
When calling the gpg-agent component @command{@gpgname} sends a set of
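Review bot: The new @item for GNUPG_ASSUME_COMPLIANCE does not say what value the variable takes; the commit message uses GNUPG_ASSUME_COMPLIANCE=de-vs, and the manual should name that value explicitly. "set the system into an assume compliance state" is also vague for a switch that changes a reported compliance identifier: say that it makes the tools assume the underlying libgcrypt is compliant and approved, that it is meant for testing only, and that the resulting 2023 marks non-approved software. The hunk also adds two blank lines before @end table where one is enough.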