Make allow-mark-trusted the default. Add relax flag.
authorWerner Koch <wk@gnupg.org>
Mon, 24 Jan 2011 17:00:15 +0000 (17:00 +0000)
committerWerner Koch <wk@gnupg.org>
Mon, 24 Jan 2011 17:00:15 +0000 (17:00 +0000)
Beware: Not tested!

ChangeLog
Makefile.am
patches/gnupg2/02-allow-mark-trusted.patch [new file with mode: 0755]

index ebf6d49..6f27aab 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-01-24  Werner Koch  <wk@g10code.com>
+
+       * patches/gnupg2/02-allow-mark-trusted.patch: New.
+       * Makefile.am (EXTRA_DIST): Add it.
+
 2011-01-19  Emanuel Schuetze <emanuel@intevation.de>
 
        * src/inst-gpa.nsi: Unselect GPA by default in gpg4win full installer. 
index 8d34ee0..c0c545a 100644 (file)
@@ -41,6 +41,7 @@ EXTRA_DIST = autogen.sh README.SVN ONEWS \
         patches/gpgme-1.2.0/05-is-socket.patch \
        patches/gpgex-0.9.5/01-default-no-suffix.patch \
        patches/gnupg2/01-version.patch.in \
+       patches/gnupg2/02-allow-mark-trusted.patch \
        patches/gnupg2-2.0.9/01-close-all-handle.patch \
        patches/gnupg2-2.0.9/02-de.po-fix.patch \
        patches/gnupg2-2.0.9/03-i18n+etc.patch \
diff --git a/patches/gnupg2/02-allow-mark-trusted.patch b/patches/gnupg2/02-allow-mark-trusted.patch
new file mode 100755 (executable)
index 0000000..0b09237
--- /dev/null
@@ -0,0 +1,104 @@
+#! /bin/sh
+patch -p1 -f $* < $0
+exit $?
+
+Make option allow-mark-trusted the default
+Also add new option no-allow-mark-trusted.
+Always set the relax flag when changing an trustlist item.
+
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index 7671a51..eacb1c9 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -101,6 +101,7 @@ enum cmd_and_opt_values
+   oIgnoreCacheForSigning,
+   oAllowMarkTrusted,
++  oNoAllowMarkTrusted,
+   oAllowPresetPassphrase,
+   oKeepTTY,
+   oKeepDISPLAY,
+@@ -172,8 +173,9 @@ static ARGPARSE_OPTS opts[] = {
+   { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
+                                N_("do not use the PIN cache when signing")},
+-  { oAllowMarkTrusted, "allow-mark-trusted", 0,
+-                             N_("allow clients to mark keys as \"trusted\"")},
++  { oNoAllowMarkTrusted, "no-allow-mark-trusted", 0,
++                            N_("disallow clients to mark keys as \"trusted\"")},
++  { oAllowMarkTrusted, "allow-mark-trusted", 0, "@"},
+   { oAllowPresetPassphrase, "allow-preset-passphrase", 0,
+                              N_("allow presetting passphrase")},
+   { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh-agent emulation") },
+@@ -472,7 +474,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
+       opt.enable_passhrase_history = 0;
+       opt.ignore_cache_for_signing = 0;
+-      opt.allow_mark_trusted = 0;
++      opt.allow_mark_trusted = 1;
+       opt.disable_scdaemon = 0;
+       return 1;
+     }
+@@ -532,6 +534,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
+     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
+     case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
++    case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
+     case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
+@@ -921,7 +924,7 @@ main (int argc, char **argv )
+               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+       printf ("ignore-cache-for-signing:%lu:\n",
+               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+-      printf ("allow-mark-trusted:%lu:\n",
++      printf ("no-allow-mark-trusted:%lu:\n",
+               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+       printf ("disable-scdaemon:%lu:\n",
+               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+diff --git a/agent/trustlist.c b/agent/trustlist.c
+index be5406b..ef9c661 100644
+--- a/agent/trustlist.c
++++ b/agent/trustlist.c
+@@ -731,7 +731,8 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
+     }
+   else
+     es_fputs (nameformatted, fp);
+-  es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
++  es_fprintf (fp, "\n%s%s %c%s\n", yes_i_trust?"":"!", fprformatted, flag,
++              flag == 'S'? " relax":"");
+   if (es_ferror (fp))
+     err = gpg_error_from_syserror ();
+   
+diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
+index 1b0e446..207c8b8 100644
+--- a/tools/gpgconf-comp.c
++++ b/tools/gpgconf-comp.c
+@@ -526,8 +526,8 @@ static gc_option_t gc_options_gpg_agent[] =
+    { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
+      GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
+      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+-   { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
+-     GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"",
++   { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
++     GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
+      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+    { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+      "gnupg", "do not grab keyboard and mouse",
+
+diff --git a/po/de.po b/po/de.po
+--- a/po/de.po
++++ b/po/de.po
+@@ -426,8 +426,8 @@
+ msgstr "benutze PINs im Cache nicht beim Signieren"
+ #: agent/gpg-agent.c:176
+-msgid "allow clients to mark keys as \"trusted\""
+-msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
++msgid "disallow clients to mark keys as \"trusted\""
++msgstr "verbiete Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
+ #: agent/gpg-agent.c:178
+ msgid "allow presetting passphrase"
+
+
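Review bot: In the agent/trustlist.c part of this new patch, `flag == 'S'? " relax":""` appends `relax` to every `S` entry that agent_marktrusted writes, and the gpg-agent.c part flips the default to `opt.allow_mark_trusted = 1`, so every root a user confirms through a client now gets relaxed validation with no way to choose otherwise. As documented for trustlist.txt, `relax` accepts root certificates that lack basicConstraints and turns off CRL checking for the root. That deserves a comment above the `es_fprintf` call, for example `/* Always add "relax" to S entries: skips the basicConstraints and CRL checks for this root. */`, and a sentence in the patch description, which currently only says the flag is set. Sites that relied on the old default must now set `no-allow-mark-trusted` explicitly, which the description should also state. Both agent_marktrusted and parse_rereadable_options continue outside the quoted context, so any later filtering of the flag cannot be judged from here.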