[Pkg-gnupg-commit] [gnupg2] 31/180: g10: Extend TOFU_STATS to always show the validity
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 24 22:29:05 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 29 14:33:29 2016 +0100
g10: Extend TOFU_STATS to always show the validity
* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
a new field called VALIDITY.
* g10/tofu.c (write_stats_status): Update output accordingly.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
---
doc/DETAILS | 18 ++++++++++++------
g10/tofu.c | 30 +++++++++++++++++++-----------
2 files changed, 31 insertions(+), 17 deletions(-)
diff --git a/doc/DETAILS b/doc/DETAILS
index a264e53..534c48c 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -722,14 +722,14 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
userid encoded in UTF-8 and percent escaped. The fingerprint is
identical for all TOFU_USER lines up to a NEWSIG line.
-*** TOFU_STATS <validity> <sign-count> 0 [<policy> [<tm1> <tm2> <tm3> <tm4>]]
+*** TOFU_STATS <summary> <sign-count> <encryption-count> [<policy> [<tm1> <tm2> <tm3> <tm4> [<validity>]]]
Statistics for the current user id.
- Values for VALIDITY are:
- - 0 :: conflict
- - 1 :: key without history
- - 2 :: key with too little history
+ Values for SUMMARY are:
+ - 0 :: attention, an interaction with the user is required (conflict)
+ - 1 :: key with no verification/encryption history
+ - 2 :: key with little history
- 3 :: key with enough history for basic trust
- 4 :: key with a lot of history
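Review bot: The new description of SUMMARY value 0, "attention, an interaction with the user is required (conflict)", is narrower than what the g10/tofu.c part of this patch does, which sets summary to 0 whenever policy == TOFU_POLICY_ASK. If the "ask" policy can be in effect without a conflict, the list entry should say that 0 means the policy is "ask" and give a conflict as one cause, so that front ends do not show a conflict dialog for a key the user merely marked as "ask". The synopsis line also nests <validity> inside the optional <tm1>..<tm4> group without the text below saying when that group is omitted; a sentence on that would tell parsers whether a missing VALIDITY is expected.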
@@ -739,7 +739,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- good :: Policy is "good"
- bad :: Policy is "bad"
- ask :: Policy is "ask"
- - unknown :: Policy is not known.
+ - unknown :: Policy is "unknown" (TOFU information does not
+ contribute to the key's validity)
TM1 ist the time the first message was verified. TM2 is the time
the most recent message was verified. TM3 is the time the first
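Review bot: The new wording for "unknown" says TOFU information does not contribute to the key's validity, but write_stats_status in this patch computes the 1-4 value from the message counts regardless of policy and prints it as VALIDITY. The documentation should state how a consumer is meant to read VALIDITY (and SUMMARY) when the policy is "unknown", for example that the number reflects history only and must not be treated as trust in that case. While this paragraph is being edited, the unchanged line "TM1 ist the time" below it could be corrected to "is".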
@@ -747,6 +748,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
either be seconds since Epoch or an ISO time string
(yyyymmddThhmmss).
+ VALIDITY is the same as SUMMARY with the exception that VALIDITY
+ doesn't reflect whether the key needs attention. That is it never
+ takes on value 0. Instead, if there is a conflict, VALIDITY still
+ reflects the key's validity (values: 1-4).
+
*** TOFU_STATS_SHORT <long_string>
Information about the TOFU binding for the signature.
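Review bot: The added VALIDITY paragraph does not say that the field is a trailing, optional one, although the synopsis earlier in this file puts it in brackets; output from a gpg built before this commit will not carry it. I would add a sentence telling consumers to fall back to SUMMARY (or treat the validity as not available) when the ninth field is absent, since a parser that indexes it unconditionally will fail on older output. Minor wording: "That is it never takes on value 0" reads better as "That is, it never takes on the value 0".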
diff --git a/g10/tofu.c b/g10/tofu.c
index 8575947..bf2a048 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2897,7 +2897,8 @@ write_stats_status (estream_t fp,
unsigned long encryption_first_done,
unsigned long encryption_most_recent)
{
- const char *validity;
+ int summary;
+ int validity;
unsigned long messages;
/* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the
@@ -2907,34 +2908,41 @@ write_stats_status (estream_t fp,
+ encryption_count * encryption_count);
if (messages < 1)
- validity = "1"; /* Key without history. */
+ validity = 1; /* Key without history. */
else if (messages < 2 * BASIC_TRUST_THRESHOLD)
- validity = "2"; /* Key with too little history. */
+ validity = 2; /* Key with too little history. */
else if (messages < 2 * FULL_TRUST_THRESHOLD)
- validity = "3"; /* Key with enough history for basic trust. */
+ validity = 3; /* Key with enough history for basic trust. */
else
- validity = "4"; /* Key with a lot of history. */
+ validity = 4; /* Key with a lot of history. */
+
+ if (policy == TOFU_POLICY_ASK)
+ summary = 0; /* Key requires attention. */
+ else
+ summary = validity;
if (fp)
{
- es_fprintf (fp, "tfs:1:%s:%lu:%lu:%s:%lu:%lu:%lu:%lu:\n",
- validity, signature_count, encryption_count,
+ es_fprintf (fp, "tfs:1:%d:%lu:%lu:%s:%lu:%lu:%lu:%lu:%d:\n",
+ summary, signature_count, encryption_count,
tofu_policy_str (policy),
signature_first_seen, signature_most_recent,
- encryption_first_done, encryption_most_recent);
+ encryption_first_done, encryption_most_recent,
+ validity);
}
else
{
write_status_printf (STATUS_TOFU_STATS,
- "%s %lu %lu %s %lu %lu %lu %lu",
- validity,
+ "%d %lu %lu %s %lu %lu %lu %lu %d",
+ summary,
signature_count,
encryption_count,
tofu_policy_str (policy),
signature_first_seen,
signature_most_recent,
encryption_first_done,
- encryption_most_recent);
+ encryption_most_recent,
+ validity);
}
}
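Review bot: The colon-format branch appends validity as a new trailing field to the "tfs:1:" record, but none of the doc/DETAILS hunks in this patch touch the description of that record; they only cover the TOFU_STATS status line. Please document the extra field for the tfs record as well, and if the "1" in the second field is meant as a record version, say whether appending a field is considered compatible or whether it should be bumped. Separately, summary is forced to 0 only for TOFU_POLICY_ASK; a short comment at that branch explaining why "ask" is the one policy that needs attention would help, given that DETAILS describes 0 as a conflict.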