author | Neal H. Walfield <neal@g10code.com> | 2016-11-22 15:05:59 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@g10code.com> | 2016-11-22 15:24:05 +0100 |
commit | 44c17bcb003a3330f595a6ab144e8439b7b630cb (patch) | |
tree | b64a6ba54422757471166b2a54f0aa773412681d /tests | |
parent | scd: Fix receive buffer size. (diff) | |
download | gnupg2-44c17bcb003a3330f595a6ab144e8439b7b630cb.tar.xz gnupg2-44c17bcb003a3330f595a6ab144e8439b7b630cb.zip |
g10: If the set of UTKs changes, invalidate any changed policies.
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes. To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
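The failure mode the commit message describes, as an added illustration that is not GnuPG code: a TOFU binding's effective policy is cached, but the value depends on which keys are ultimately trusted, so a cache populated before a key becomes ultimately trusted goes stale. The model below keeps a digest of the UTK set next to the cache and drops the cache when the digest changes, mirroring the role of the new check_utks() in g10/tofu.c. The names (Keyring, PolicyCache, utk_set_id) and the simplified policy rule ("good" when an ultimately trusted key certified the binding, otherwise "auto") are assumptions for the example; the fingerprints and user id are the ones listed in the test's comment.

```python
"""Model of TOFU effective-policy caching with invalidation on UTK-set change.

Added example, not GnuPG's implementation. The policy rule is a simplification:
real TOFU combines the stored per-binding policy with web-of-trust data.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    fpr: str   # fingerprint of the key
    uid: str   # user id bound to that key


@dataclass
class Keyring:
    utks: set[str]                  # fingerprints of ultimately trusted keys
    sigs: dict[Binding, set[str]]   # binding -> fingerprints of keys that certified it


def utk_set_id(utks):
    """Order-independent digest of the UTK set (assumed storage format)."""
    h = hashlib.sha256()
    for fpr in sorted(utks):
        h.update(fpr.encode() + b"\n")
    return h.hexdigest()


def compute_policy(kr, binding):
    """Simplified effective policy (assumption): 'good' if a UTK certified
    the binding, otherwise fall back to 'auto'."""
    signers = kr.sigs.get(binding, set())
    return "good" if signers & kr.utks else "auto"


class PolicyCache:
    def __init__(self):
        self.cache = {}      # Binding -> cached effective policy
        self.utk_id = None   # digest of the UTK set the cache was built against

    def check_utks(self, kr):
        """Drop every cached policy if the UTK set changed since the last check.
        Returns True when an invalidation happened."""
        current = utk_set_id(kr.utks)
        if self.utk_id != current:
            self.cache.clear()
            self.utk_id = current
            return True
        return False

    def effective_policy(self, kr, binding, invalidate=True):
        """Cached policy lookup; `invalidate=False` models the pre-fix behaviour."""
        if invalidate:
            self.check_utks(kr)
        if binding not in self.cache:
            self.cache[binding] = compute_policy(kr, binding)
        return self.cache[binding]


def scenario(invalidate):
    """Replays the test's sequence: cache a policy, then make the signer a UTK.
    Returns (policy before the UTK change, policy after it)."""
    keya = "1938C3A0E4674B6C217AC0B987DB2814EC38277E"  # Alice key, from the test comment
    keyb = "DC463A16E42F03240D76E8BA8B48C6BD871C2247"  # Bob key, from the test comment
    bob = Binding(keyb, "Spy R. Cow <spy@cow.com>")
    kr = Keyring(utks=set(), sigs={bob: {keya}})     # Alice certified Bob's uid
    cache = PolicyCache()
    before = cache.effective_policy(kr, bob, invalidate)   # populates the cache
    kr.utks.add(keya)                                        # the UTK set changes
    after = cache.effective_policy(kr, bob, invalidate)
    return before, after


if __name__ == "__main__":
    print("without invalidation:", scenario(False))   # stale: ('auto', 'auto')
    print("with invalidation:   ", scenario(True))    # fresh: ('auto', 'good')
```

Without the UTK check the second lookup returns the stale "auto" even though the binding is now certified by an ultimately trusted key; with it, the cache is dropped and recomputed. Storing a digest of the sorted set rather than the set itself is what makes the check cheap to run on every database open, which is where the commit places it.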
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/openpgp/tofu.scm | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm index 2a04d13a2..e1fa00191 100755 --- a/tests/openpgp/tofu.scm +++ b/tests/openpgp/tofu.scm @@ -248,6 +248,21 @@ ;; Alice has an ultimately trusted key and she signs Bob's key. Then ;; Bob adds a new user id, "Alice". TOFU should now detect a ;; conflict, because Alice only signed Bob's "Bob" user id. +;; +;; +;; The Alice key: +;; pub rsa2048 2016-10-11 [SC] +;; 1938C3A0E4674B6C217AC0B987DB2814EC38277E +;; uid [ultimate] Spy Cow <spy@cow.com> +;; sub rsa2048 2016-10-11 [E] +;; +;; The Bob key: +;; +;; pub rsa2048 2016-10-11 [SC] +;; DC463A16E42F03240D76E8BA8B48C6BD871C2247 +;; uid [ full ] Spy R. Cow <spy@cow.com> +;; uid [ full ] Spy R. Cow <spy@cow.de> +;; sub rsa2048 2016-10-11 [E] (display "Checking UTK sigs...\n") (define GPG `(,(tool 'gpg) --no-permission-warning @@ -279,12 +294,18 @@ (call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-1.gpg")))) (display "<\n") +(checkpolicy KEYA "auto") +(checkpolicy KEYB "auto") + ;; Import the cross sigs. (display " > Adding cross signatures. ") (call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDA "-2.gpg")))) (call-check `(,@GPG --import ,(in-srcdir DIR (string-append KEYIDB "-2.gpg")))) (display "<\n") +(checkpolicy KEYA "auto") +(checkpolicy KEYB "auto") + ;; Make KEYA ultimately trusted. (display (string-append " > Marking " KEYA " as ultimately trusted. ")) (pipe:do |
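Review bot: The key listing added in the first hunk shows trust levels ([ultimate] on the Alice key, [ full ] on both Bob uids) that only hold after the later "Marking KEYA as ultimately trusted" step, and it does not say which listed uid plays the "Alice" of the narrative comment above it; add one line to the comment stating that the trust levels are those after KEYA is marked ultimate, and that the conflicting uid is Bob's "Spy R. Cow <spy@cow.com>", which shares the address of the Alice key's "Spy Cow <spy@cow.com>".

Review bot: The two `(checkpolicy KEYA "auto")` / `(checkpolicy KEYB "auto")` pairs added after the key import and after the cross-signature import are what populate the TOFU policy cache before the UTK set changes, which is the precondition for exercising the invalidation this commit adds in g10/tofu.c (check_utks); put a one-line comment above them saying they are there to cache the policies, otherwise a later cleanup could drop them as redundant and the test would silently stop covering the stale-cache case. The visible diff ends just before the step that marks KEYA ultimately trusted, so confirm that a checkpolicy assertion with the expected post-change policy follows that step; the two visible pairs only establish that the policy stays "auto" while the UTK set is unchanged.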