Implement GNUPG_ASSUME_COMPLIANCE envvar for testing

* common/compliance.c (assumed_de_vs_compliance): New.
(get_compliance_cache): Check envvar and fake compliance.
(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked
mode.
* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
--

The user visible changes are that

   GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
     | awk -F: '$1=="compliance_de_vs" {print $8}'

returns 2023 if "compliance de-vs" is found in gpg.conf.  If
eventually the software is arpproved the returned value will be 23 and
not 1 as it was before.  Consumers should check whether they see value
of true (Kleopatra does this right now) and also check whether the
value is > 2000 and in this case print a beta/non-approved warning.

The envvar is currently used to assume that the underlying libgcrypt
is compliant and approved.  This is not yet the case but eventually
libgcrypt will announce this itself and from then on the envvar is not
anymore required for testing.

1 files changed, 4 insertions, 4 deletions

diff --git a/g10/gpg.c b/g10/gpg.c
index 6068eefd3..d8b1051d5 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2012,11 +2012,11 @@ gpgconf_list (void)
              get_default_pubkey_algo ());
   /* This info only mode tells whether the we are running in de-vs
    * compliance mode.  This does not test all parameters but the basic
-   * conditions like a proper RNG and Libgcrypt.  AS of now we always
-   * return 0 because this version of gnupg has not yet received an
-   * approval. */
+   * conditions like a proper RNG and Libgcrypt.  */
   es_printf ("compliance_de_vs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
-             0 /*gnupg_rng_is_compliant (CO_DE_VS)*/);
+             (opt.compliance==CO_DE_VS
+              && gnupg_rng_is_compliant (CO_DE_VS))?
+             atoi (gnupg_status_compliance_flag (CO_DE_VS)) : 0);
 
   es_printf ("use_keyboxd:%lu:%d:\n", GC_OPT_FLAG_DEFAULT, opt.use_keyboxd);