-rw-r--r--doc/gpg.texi3
-rw-r--r--g10/tdbio.c29
2 files changed, 27 insertions, 5 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 843e91c5c..ba1df4bfb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1724,7 +1724,8 @@ Set what trust model GnuPG should follow. The models are:
@opindex trust-model:auto
Select the trust model depending on whatever the internal trust
database says. This is the default model if such a database already
- exists.
+ exists. Note that a tofu trust model is not considered here and
+ must be enabled explicitly.
@end table
@item --auto-key-locate @var{mechanisms}
diff --git a/g10/tdbio.c b/g10/tdbio.c
index fed0cf5ab..8f7530621 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -562,6 +562,12 @@ tdbio_update_version_record (ctrl_t ctrl)
{
TRUSTREC rec;
int rc;
+ int opt_tm;
+
+ /* Never store a TOFU trust model in the trustdb. Use PGP instead. */
+ opt_tm = opt.trust_model;
+ if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+ opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec);
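Review bot: The TOFU-to-PGP mapping added here is written out again in the create_version_record hunk and twice in the tdbio_db_matches_options hunk, so the stored value and the compared value agree only while all four copies are edited together. A single file-local helper, for example `static int tm_for_trustdb (int tm) { return (tm == TM_TOFU || tm == TM_TOFU_PGP) ? TM_PGP : tm; }`, would keep the write and compare paths from drifting apart if another trust model ever needs the same treatment. The body of tdbio_update_version_record continues past this hunk.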
@@ -572,7 +578,7 @@ tdbio_update_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth;
- rec.r.ver.trust_model = opt.trust_model;
+ rec.r.ver.trust_model = opt_tm;
rec.r.ver.min_cert_level = opt.min_cert_level;
rc = tdbio_write_record (ctrl, &rec);
}
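Review bot: `rec.r.ver.trust_model = opt_tm;` still writes every non-TOFU value of opt.trust_model to the version record, while create_version_record in the following hunks accepts only TM_PGP and TM_CLASSIC and falls back to TM_PGP. If callers can reach this function under another model (they are not visible here, so this needs confirming), the on-disk record would carry a model that creation would never have stored. Either apply the same check, `rec.r.ver.trust_model = (opt_tm == TM_PGP || opt_tm == TM_CLASSIC) ? opt_tm : TM_PGP;`, or add a comment naming the caller guarantee that makes it unnecessary. The function starts before and ends after this hunk.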
@@ -591,6 +597,12 @@ create_version_record (ctrl_t ctrl)
{
TRUSTREC rec;
int rc;
+ int opt_tm;
+
+ /* Never store a TOFU trust model in the trustdb. Use PGP instead. */
+ opt_tm = opt.trust_model;
+ if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+ opt_tm = TM_PGP;
memset (&rec, 0, sizeof rec);
rec.r.ver.version = 3;
@@ -598,8 +610,8 @@ create_version_record (ctrl_t ctrl)
rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth;
- if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
- rec.r.ver.trust_model = opt.trust_model;
+ if (opt_tm == TM_PGP || opt_tm == TM_CLASSIC)
+ rec.r.ver.trust_model = opt_tm;
else
rec.r.ver.trust_model = TM_PGP;
rec.r.ver.min_cert_level = opt.min_cert_level;
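Review bot: The `else` branch here already stores TM_PGP for anything that is not TM_PGP or TM_CLASSIC, so the opt_tm normalization added at the top of create_version_record does not change what is written. The original test on opt.trust_model gave the same result for both TOFU values. Keeping the local is harmless, but its comment should say it is there for symmetry, e.g. `/* Redundant with the fallback below; kept to mirror tdbio_update_version_record. */`, or the block could be dropped. The function extends beyond this hunk.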
@@ -883,16 +895,25 @@ tdbio_db_matches_options()
{
TRUSTREC vr;
int rc;
+ int opt_tm, tm;
rc = tdbio_read_record (0, &vr, RECTYPE_VER);
if( rc )
log_fatal( _("%s: error reading version record: %s\n"),
db_name, gpg_strerror (rc) );
+ /* Consider tofu and pgp the same. */
+ tm = vr.r.ver.trust_model;
+ if (tm == TM_TOFU || tm == TM_TOFU_PGP)
+ tm = TM_PGP;
+ opt_tm = opt.trust_model;
+ if (opt_tm == TM_TOFU || opt_tm == TM_TOFU_PGP)
+ opt_tm = TM_PGP;
+
yes_no = vr.r.ver.marginals == opt.marginals_needed
&& vr.r.ver.completes == opt.completes_needed
&& vr.r.ver.cert_depth == opt.max_cert_depth
- && vr.r.ver.trust_model == opt.trust_model
+ && tm == opt_tm
&& vr.r.ver.min_cert_level == opt.min_cert_level;
}
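Review bot: The comment `/* Consider tofu and pgp the same. */` does not say why the value read from the file is normalized as well, given that the write paths in this commit no longer store a TOFU model. Presumably this covers trust databases written by earlier versions; if so, the comment should say it, e.g. `/* Older versions may have stored a TOFU model; treat it and the TOFU options as PGP so such a trustdb is not reported as mismatching. */`. The start and end of tdbio_db_matches_options are outside this hunk.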