[Pkg-gnupg-commit] [gnupg2] 41/118: g10: Add support for TRUST_NEVER.

Thu Sep 15 18:25:05 UTC 2016

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch encoding-and-speling
in repository gnupg2.

commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Sep 1 13:29:56 2016 +0200

    g10: Add support for TRUST_NEVER.
    
    * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
    returned by the TOFU trust model.
    (do_we_trust_pre): Print a different message if TRUSTLEVEL is
    TRUST_NEVER.
    (check_signatures_trust): Improve comment.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
 g10/pkclist.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/g10/pkclist.c b/g10/pkclist.c
index 63d32d1..f7b2483 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -449,6 +449,13 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
       if( opt.verbose )
 	log_info(_("This key belongs to us\n"));
       return 1; /* yes */
+
+    case TRUST_NEVER:
+      /* This is retruned can be returned by TOFU, which can return
+         negative assertions.  */
+      log_info(_("%s: This key is bad!  It has been marked as untrusted!\n"),
+               keystr_from_pk(pk));
+      return 0; /* no */
     }
 
   return 1; /*NOTREACHED*/
@@ -472,10 +479,16 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
       print_fingerprint (NULL, pk, 2);
       tty_printf("\n");
 
-      tty_printf(
-	       _("It is NOT certain that the key belongs to the person named\n"
-		 "in the user ID.  If you *really* know what you are doing,\n"
-		 "you may answer the next question with yes.\n"));
+      if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
+        tty_printf(
+          _("This key has is bad!  It has been marked as untrusted!  If you\n"
+            "*really* know what you are doing, you may answer the next\n"
+            "question with yes.\n"));
+      else
+        tty_printf(
+          _("It is NOT certain that the key belongs to the person named\n"
+            "in the user ID.  If you *really* know what you are doing,\n"
+            "you may answer the next question with yes.\n"));
 
       tty_printf("\n");
 
@@ -654,7 +667,8 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
       break;
 
     case TRUST_NEVER:
-      /* currently we won't get that status */
+      /* This level can be returned by TOFU, which supports negative
+       * assertions.  */
       write_trust_status (STATUS_TRUST_NEVER, trustlevel);
       log_info(_("WARNING: We do NOT trust this key!\n"));
       log_info(_("         The signature is probably a FORGERY.\n"));

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

