author | Neal H. Walfield <[email protected]> | 2016-11-21 21:47:30 +0000 |
---|---|---|
committer | Neal H. Walfield <[email protected]> | 2016-11-21 21:47:30 +0000 |
commit | 037f9de09298a31026ea2ab5fbd4a599b11cc34f (patch) | |
tree | 001dddfff8d6557ce9e24c8d1decb0ae692de8ff /g10/keyedit.c | |
parent | g10: Correctly parameterize ngettext. (diff) | |
g10: Cache the effective policy. Recompute it when required.
* g10/tofu.c (initdb): Add column effective_policy to the bindings
table.
(record_binding): New parameters effective_policy and set_conflict.
Save the effective policy. If SET_CONFLICT is set, then set conflict
according to CONFLICT. Otherwise, preserve the current value of
conflict. Update callers.
(get_trust): Don't compute the effective policy here...
(get_policy): ... do it here, if it was not cached. Take new
parameters, PK, the public key, and NOW, the time that the operation
started. Update callers.
(show_statistics): New parameter PK. Pass it to get_policy. Update
callers.
(tofu_notice_key_changed): New function.
* g10/gpgv.c (tofu_notice_key_changed): New stub.
* g10/import.c (import_revoke_cert): Take additional argument CTRL.
Pass it to keydb_update_keyblock.
* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
Update callers.
[USE_TOFU]: Call tofu_notice_key_changed.
* g10/test-stubs.c (tofu_notice_key_changed): New stub.
* tests/openpgp/tofu.scm: Assume that manually setting a binding's
policy to auto does not cause the tofu engine to forget about any
conflict.
--
Signed-off-by: Neal H. Walfield <[email protected]>
We now store the computed policy in the tofu DB (in the
effective_policy column of the bindings table) to avoid computing it
every time, which is expensive. Further, policy is never overridden
in case of a conflict. Instead, we detect a conflict if CONFLICT is
not empty.
This change is backwards compatible to existing DBs. The only minor
incompatibility is that unresolved conflicts won't be automatically
resolved in case we import a direct signature, or cross signatures.
Diffstat (limited to 'g10/keyedit.c')
-rw-r--r-- | g10/keyedit.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/g10/keyedit.c b/g10/keyedit.c index 795be052d..5b77ee747 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2782,7 +2782,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, case cmdSAVE: if (modified) { - err = keydb_update_keyblock (kdbhd, keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { log_error (_("update failed: %s\n"), gpg_strerror (err)); @@ -2936,7 +2936,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring)) { - err = keydb_update_keyblock (kdbhd, keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { log_error (_("update failed: %s\n"), gpg_strerror (err)); @@ -3039,7 +3039,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev) gpg_strerror (err)); goto leave; } - err = keydb_update_keyblock (kdbhd, keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { log_error (_("update failed: %s\n"), gpg_strerror (err)); @@ -3261,7 +3261,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, if (modified) { - err = keydb_update_keyblock (kdbhd, keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { log_error (_("update failed: %s\n"), gpg_strerror (err)); @@ -3326,7 +3326,7 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr, /* Store. */ if (modified) { - err = keydb_update_keyblock (kdbhd, keyblock); + err = keydb_update_keyblock (ctrl, kdbhd, keyblock); if (err) { log_error (_("update failed: %s\n"), gpg_strerror (err)); |
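Review bot: The ChangeLog part of the commit message does not name g10/keyedit.c, although all five hunks here change call sites in it (keyedit_menu, keyedit_quick_adduid, keyedit_quick_revuid, keyedit_quick_sign, keyedit_quick_addkey). These are covered only by the "Update callers." line under g10/keydb.c (keydb_update_keyblock). Listing the file and its functions in the entry would let someone tracing the new ctrl parameter find these sites by file name.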
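Review bot: The error branch after each changed call, in all five hunks, still reports any non-zero err as "update failed: %s\n", while the commit message says keydb_update_keyblock now calls tofu_notice_key_changed under USE_TOFU. If a failure in that TOFU step can come back through err, callers such as the cmdSAVE case in keyedit_menu would report a failed update for a keyblock that was in fact written. Please state in the comment on keydb_update_keyblock whether TOFU errors are propagated or swallowed, so the meaning of err at these call sites is clear.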