
Kleopatra: Don't offer "Trust root certificate" if users are not allowed to do this
Testing, Normal, Public

Description

If gpg-agent's no-allow-mark-trusted option is set then Kleopatra shouldn't allow users to mark root certificates as trusted or not trusted, i.e. the two actions "Trust root certificate" and "Distrust root certificate" shouldn't be offered.

If the no-allow-mark-trusted option is read-only (i.e. it's enforced by the administrators) then we should hide the actions. Otherwise we should just disable them.

Event Timeline

If we fix this bug for 2.2 we need to have a configurable way to revert to the old behaviour. That needs to be a Kleopatra config. Or we just don't fix this bug for current vsd but only for gpg4win and the next generation vsd.

This bug has existed since Kleopatra has offered "Trust root certificate" (i.e. since 2010). allow-mark-trusted seems to be the default since Gpg4win 2.1.0. If admins really want to prevent users from messing with the trustlist then they have to use the no-user-trustlist option anyway.

And if admins are able to set these gpg-agent options in the global config file/registry then they will also be able to disable the "Trust root certificate" action via the standard mechanism.

What I'm trying to say is: Yes, the bug should be fixed for upcoming versions, but it doesn't make much sense to fix it in patch releases of old versions because there's an easy workaround.

ebo triaged this task as Normal priority. Fri, Oct 25, 4:26 PM
ebo added a project: gpd5x (gpd-5.0.0).
ebo edited projects, added gpd5x; removed gpd5x (gpd-5.0.0).
ikloecker moved this task from Backlog to WIP on the gpd5x board.
ikloecker changed the task status from Open to Testing. Tue, Oct 29, 4:32 PM

Fixed.

If gpg-agent's option "no-allow-mark-trusted" is set then the actions "Trust root certificate" and "Distrust root certificate" won't be available. If the option is set while Kleopatra is running then it needs to be restarted to get rid of the actions. If one tries to use the actions then Kleopatra will tell you that you are not allowed to do this. Similarly one needs to restart Kleopatra to make the action available again after the option was unset.

The option can be enabled/disabled via the GnuPG System configuration in Kleopatra (Private Keys -> Disallow clients to mark keys as "trusted"), i.e. you don't have to edit gpg-agent.conf by hand.
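Added example, not part of the task thread or of Kleopatra's code: a way to audit the state discussed above by parsing the colon-separated output of `gpgconf --list-options gpg-agent`. It reports whether `no-allow-mark-trusted` is set and whether gpgconf marks it "no change" (flag 128), then maps that to the behaviour the task description asks for. The sample listing is constructed, and the function names are hypothetical.

```python
import subprocess

OPTION = "no-allow-mark-trusted"
FLAG_NO_CHANGE = 128  # gpgconf flag: value cannot be changed through gpgconf

# Constructed sample of `gpgconf --list-options gpg-agent` output.
# Fields: name:flags:level:description:type:alt-type:argname:default:argdef:value
SAMPLE = """\
ignore-cache-for-signing:8:1:do not use the PIN cache when signing:0:0::::
no-allow-mark-trusted:136:1:disallow clients to mark keys as "trusted":0:0::::1
"""


def option_state(listing, name=OPTION):
    """Return (is_set, read_only) for a flag-type option, or None if not listed."""
    for line in listing.splitlines():
        fields = line.split(":")  # descriptions are percent-escaped, so ':' is safe
        if len(fields) < 10 or fields[0] != name:
            continue
        flags = int(fields[1])
        value = fields[9].strip()
        # For options without an argument the value is a count of occurrences.
        is_set = value not in ("", "0")
        return is_set, bool(flags & FLAG_NO_CHANGE)
    return None


def expected_actions(state):
    """Map option state to what the task description requests for the
    'Trust/Distrust root certificate' actions (assumption: not the shipped logic)."""
    if state is None or not state[0]:
        return "available"
    return "hidden" if state[1] else "disabled"


def live_listing():
    """Query the local GnuPG installation instead of the constructed sample."""
    result = subprocess.run(["gpgconf", "--list-options", "gpg-agent"],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    state = option_state(SAMPLE)
    print(OPTION, state, "->", expected_actions(state))
```

Pass `live_listing()` instead of `SAMPLE` to check a real profile; as the fix comment notes, Kleopatra has to be restarted before a changed value affects the actions.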