[Pkg-gnupg-commit] [gnupg2] 31/180: g10: Extend TOFU_STATS to always show the validity

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 24 22:29:05 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Nov 29 14:33:29 2016 +0100

    g10: Extend TOFU_STATS to always show the validity
    
    * doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY.  Add
    a new field called VALIDITY.
    * g10/tofu.c (write_stats_status): Update output accordingly.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    
    Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
---
 doc/DETAILS | 18 ++++++++++++------
 g10/tofu.c  | 30 +++++++++++++++++++-----------
 2 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/doc/DETAILS b/doc/DETAILS
index a264e53..534c48c 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -722,14 +722,14 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     userid encoded in UTF-8 and percent escaped.  The fingerprint is
     identical for all TOFU_USER lines up to a NEWSIG line.
 
-*** TOFU_STATS <validity> <sign-count> 0 [<policy> [<tm1> <tm2> <tm3> <tm4>]]
+*** TOFU_STATS <summary> <sign-count> <encryption-count> [<policy> [<tm1> <tm2> <tm3> <tm4> [<validity>]]]
 
     Statistics for the current user id.
 
-    Values for VALIDITY are:
-    - 0 :: conflict
-    - 1 :: key without history
-    - 2 :: key with too little history
+    Values for SUMMARY are:
+    - 0 :: attention, an interaction with the user is required (conflict)
+    - 1 :: key with no verification/encryption history
+    - 2 :: key with little history
     - 3 :: key with enough history for basic trust
     - 4 :: key with a lot of history
 
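Review bot: In the SUMMARY value list, 0 is described as "(conflict)", but the g10/tofu.c change in this same patch sets summary to 0 whenever policy == TOFU_POLICY_ASK. If the ask policy can be in effect without a conflict, the parenthetical misleads consumers of the status line; suggest describing 0 in terms of the ask policy instead. The synopsis also replaces the literal 0 with <encryption-count>, and the lines shown here do not describe that field; a one-line description next to the value lists would help.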
@@ -739,7 +739,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     - good    :: Policy is "good"
     - bad     :: Policy is "bad"
     - ask     :: Policy is "ask"
-    - unknown :: Policy is not known.
+    - unknown :: Policy is "unknown" (TOFU information does not
+                 contribute to the key's validity)
 
     TM1 ist the time the first message was verified.  TM2 is the time
     the most recent message was verified.  TM3 is the time the first
@@ -747,6 +748,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     either be seconds since Epoch or an ISO time string
     (yyyymmddThhmmss).
 
+    VALIDITY is the same as SUMMARY with the exception that VALIDITY
+    doesn't reflect whether the key needs attention.  That is it never
+    takes on value 0.  Instead, if there is a conflict, VALIDITY still
+    reflects the key's validity (values: 1-4).
+
 *** TOFU_STATS_SHORT <long_string>
 
     Information about the TOFU binding for the signature.
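Review bot: The new VALIDITY paragraph does not say that the field is optional and trailing, which the synopsis implies by nesting [<validity>] inside the optional time group. A consumer that bases a trust decision on this line needs to know that output without the extra field carries only SUMMARY, where 0 hides the history level; suggest adding a sentence to that effect. Minor: "That is it never takes on value 0" wants a comma after "That is".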
diff --git a/g10/tofu.c b/g10/tofu.c
index 8575947..bf2a048 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2897,7 +2897,8 @@ write_stats_status (estream_t fp,
                     unsigned long encryption_first_done,
                     unsigned long encryption_most_recent)
 {
-  const char *validity;
+  int summary;
+  int validity;
   unsigned long messages;
 
   /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the
@@ -2907,34 +2908,41 @@ write_stats_status (estream_t fp,
                       + encryption_count * encryption_count);
 
   if (messages < 1)
-    validity = "1"; /* Key without history.  */
+    validity = 1; /* Key without history.  */
   else if (messages < 2 * BASIC_TRUST_THRESHOLD)
-    validity = "2"; /* Key with too little history.  */
+    validity = 2; /* Key with too little history.  */
   else if (messages < 2 * FULL_TRUST_THRESHOLD)
-    validity = "3"; /* Key with enough history for basic trust.  */
+    validity = 3; /* Key with enough history for basic trust.  */
   else
-    validity = "4"; /* Key with a lot of history.  */
+    validity = 4; /* Key with a lot of history.  */
+
+  if (policy == TOFU_POLICY_ASK)
+    summary = 0; /* Key requires attention.  */
+  else
+    summary = validity;
 
   if (fp)
     {
-      es_fprintf (fp, "tfs:1:%s:%lu:%lu:%s:%lu:%lu:%lu:%lu:\n",
-                  validity, signature_count, encryption_count,
+      es_fprintf (fp, "tfs:1:%d:%lu:%lu:%s:%lu:%lu:%lu:%lu:%d:\n",
+                  summary, signature_count, encryption_count,
                   tofu_policy_str (policy),
                   signature_first_seen, signature_most_recent,
-                  encryption_first_done, encryption_most_recent);
+                  encryption_first_done, encryption_most_recent,
+                  validity);
     }
   else
     {
       write_status_printf (STATUS_TOFU_STATS,
-                           "%s %lu %lu %s %lu %lu %lu %lu",
-                           validity,
+                           "%d %lu %lu %s %lu %lu %lu %lu %d",
+                           summary,
                            signature_count,
                            encryption_count,
                            tofu_policy_str (policy),
                            signature_first_seen,
                            signature_most_recent,
                            encryption_first_done,
-                           encryption_most_recent);
+                           encryption_most_recent,
+                           validity);
     }
 }
 
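Review bot: Both format strings gain a trailing %d, so the "tfs:1:" colon record changes shape along with the TOFU_STATS status line, yet the doc/DETAILS hunks in this patch describe only the status line and the literal 1 after "tfs" is left as it was. Suggest documenting the added trailing field for the tfs record as well, so parsers of the colon listing know to expect it. Minor: the comment "Key with too little history." on the validity = 2 branch no longer matches the documentation, which now reads "key with little history".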

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


