Home GnuPG
Diffusion GnuPG 1530d04725d4

agent: New option --no-user-trustlist and --sys-trustlist-name.
1530d04725d4
Actions

Description

agent: New option --no-user-trustlist and --sys-trustlist-name.

* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt. However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

Details

Provenance
wernerAuthored on Jun 14 2022, 2:25 PM
Parents
rG34c649b36013: g10: Fix garbled status messages in NOTATION_DATA
Branches
Unknown
Tags
Unknown
Tasks
T5990: Option to ignore the user trustlist.txt

Changes (4)

PathSize
agent/
doc/

rG1530d04725d4

View Options

agent/agent.h

Loading...
View Options

agent/gpg-agent.c

Loading...
View Options

agent/trustlist.c

Loading...
View Options

doc/gpg-agent.texi

Loading...