gpgme library calls gpg with --list-trust-path
Open, Normal, Public

Description

I'm trying to list the trust status of a key through the gpgme library (through its Rust bindings, but that's not really relevant for this bug).

The gpgme function that gets called seems to be gpgme_op_trustlist_start and it calls gpg on my system like this according to strace:

[pid 7119] execve("/usr/bin/gpg", ["gpg", "--batch", "--no-sk-comments", "--status-fd", "9", "--no-tty", "--charset", "utf8", "--enable-progress-filter", "--exit-on-status-write-error", "--display", ":0.0", "--ttyname", "/dev/pts/1", "--ttytype", "xterm-256color", "--logger-fd", "13", "--with-colons", "--list-trust-path", "--", "DF0C3D316B7312D5"], 0x55a3fb2c7d10 /* 57 vars */) = 0
[pid 7119] arch_prctl(0x3001 /* ARCH_??? */, 0x7ffcac60eff0) = -1 EINVAL (Invalid argument)
[pid 7119] arch_prctl(ARCH_SET_FS, 0x7f12b973c740) = 0
[pid 7119] exit_group(2) = ?

The option --list-trust-path seems to have been removed from gpg.

The version of gpgme that I have installed is 1.12.0-6ubuntu1 and gpg is 2.2.12-1ubuntu3.

Details

Version
1.12.0
capitol created this task. Feb 1 2020, 7:19 PM

Maybe gpgme should be changed to parse --export-ownertrust instead?

werner triaged this task as Normal priority. Feb 3 2020, 3:28 PM
werner added a project: gpgme.
werner added subscribers: dshaw, marcus, werner.

Funny. I looked into the history of that function: @dshaw removed the option --list-trust-path from gnupg 1.x in December 2002. He commented:

  • g10.c (main): Comment out --list-trust-path until it can be implemented.

AFAICR, we implemented that as an experimental feature to make it easier to look into the trustdb. It reveals the internal structure of the trustdb, which should not go into a public API. Now why do we have that in GPGME? @marcus implemented and documented the API in the summer of 2002 while he was working on the new event based model of GPGME. It is quite likely that he did this just for debugging the event handling or to show how it can also be used. Maybe he used GnuPG 1.0 at that time and not the current development branch.

The code in gpgme somehow survived until today and nobody ever complained that it has not returned any data in the last 18 years.

You should use the regular key listing commands with a gpgme_set_keylisting_mode (ctx, GPGME_KEYLIST_MODE_SIGS) and build up the web of trust yourself. All information should be instantly available in the key objects.

I am sorry for that cruft in gpgme. We will keep the API in gpgme but remove the documentation and let the code not even call gpg anymore but return EOF directly.
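The key-listing route recommended above (listing with signatures, GPGME_KEYLIST_MODE_SIGS, and building up the web of trust yourself), as an added example that is not gpgme's own code: a small Python parser over the `gpg --with-colons --list-sigs` records that gpgme's key listing reads underneath, reporting each key's owner trust and user-ID validity and deriving certification edges between keys. The sample listing is constructed, its key IDs and fingerprints are placeholders, and the column positions follow gpg's documented colon format (field 2 validity, field 5 key ID, field 9 owner trust, field 10 user ID, field 11 signature class).

```python
# Letters gpg uses in the validity (field 2) and ownertrust (field 9) columns.
TRUST = {"o": "unknown", "i": "invalid", "d": "disabled", "r": "revoked", "e": "expired",
         "-": "unknown", "q": "undefined", "n": "never", "m": "marginal", "f": "full", "u": "ultimate"}
SIG_STATUS = {"!": "good", "-": "bad", "%": "error"}  # field 2 of sig records

# Constructed sample of 'gpg --with-colons --list-sigs' output; key IDs/fingerprints are placeholders.
# Bob (ultimate ownertrust) certifies Alice's user ID, so Alice's user ID is fully valid.
SAMPLE = """\
pub:f:255:22:0123456789ABCDEF:1550000000:::m:::scESC::::::23::0:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFF0123456789ABCDEF:
uid:f::::1550000000::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::Alice Example <alice@example.org>::::::::::0:
sig:!::22:0123456789ABCDEF:1550000000::::Alice Example <alice@example.org>:13x:::::8:
sig:!::22:FEDCBA9876543210:1560000000::::Bob Example <bob@example.org>:10x:::::8:
sub:f:255:18:1111111111111111:1550000000::::::e::::::23:
sig:!::22:0123456789ABCDEF:1550000000::::Alice Example <alice@example.org>:18x:::::8:
pub:u:255:22:FEDCBA9876543210:1540000000:::u:::scESC::::::23::0:
fpr:::::::::EEEEEEEEEEEEEEEEEEEEEEEEFEDCBA9876543210:
uid:u::::1540000000::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::Bob Example <bob@example.org>::::::::::0:
sig:!::22:FEDCBA9876543210:1540000000::::Bob Example <bob@example.org>:13x:::::8:
"""

def parse_listing(text):
    """Parse pub/fpr/uid/sub/sig records into {keyid: key dict}."""
    keys, key, uid = {}, None, None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key = {"keyid": f[4], "ownertrust": TRUST.get(f[8], "unknown"), "fpr": "", "uids": []}
            keys[f[4]], uid = key, None
        elif f[0] == "fpr" and key and not key["fpr"]:
            key["fpr"] = f[9]            # first fpr after pub is the primary key's
        elif f[0] == "uid" and key:
            uid = {"uid": f[9], "validity": TRUST.get(f[1], "unknown"), "certs": []}
            key["uids"].append(uid)
        elif f[0] in ("sub", "ssb"):
            uid = None                   # following sigs are subkey bindings, not certifications
        elif f[0] == "sig" and uid is not None:
            uid["certs"].append((f[4], f[10], SIG_STATUS.get(f[1], "unchecked")))
    return keys

def certification_edges(keys):
    """(signer, signed) pairs from good third-party certifications (classes 0x10-0x13)."""
    edges = set()
    for key in keys.values():
        for uid in key["uids"]:
            for signer, sig_class, status in uid["certs"]:
                if status == "good" and signer != key["keyid"] and sig_class[:2] in ("10", "11", "12", "13"):
                    edges.add((signer, key["keyid"]))
    return edges

if __name__ == "__main__":
    print(certification_edges(parse_listing(SAMPLE)))
```

Self-signatures and subkey binding signatures are deliberately excluded from the edge set, since only third-party certifications carry trust between keys.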