Add simple API to check/toggle TOFU mode
AbandonedPublic
Actions

Authored by bcooksley on Oct 31 2016, 12:23 PM.

Details

Reviewers

aheinecke
dvratil

Summary

While waiting for Andre's input on the other task, I started looking into TOFU support. Since TOFU needs to be globally enabled in a config file, I'd like to have an official API for that in gnupg-related library rather than having a code that deals with other application's configuration file hidden somewhere in a random PIM library or app.

This patch adds a simple API to check if TOFU model is supported, enabled and to enable/disable it.

Maybe we could eventually upstream this to gpgme, but for now this should do just fine.

Test Plan

To my own surprise, I actually wrote a unittest.

Diff Detail

Repository

R90 PIM: Kleo Library

Lint

Lint Skipped

Unit

Unit Tests Skipped

dvratil updated this revision to Diff 7775.Oct 31 2016, 12:23 PM

dvratil retitled this revision from to Add simple API to check/toggle TOFU mode.

dvratil updated this object.

dvratil edited the test plan for this revision. (Show Details)

dvratil added a reviewer: aheinecke.

dvratil set the repository for this revision to R90 PIM: Kleo Library.

dvratil added a project: KDE PIM.

Restricted Application added a subscriber: kde-pim. · View Herald TranscriptOct 31 2016, 12:23 PM

Indeed this is ugly, but might be a workaround until gnupg properly supports this. ( https://bugs.gnupg.org/gnupg/issue2381 )
I would have said you should use QGpgME::CryptoConfig for this but gpgconf does not provide the trust-model as a settable option (which imo is wrong but the maintainer argued against it because he wants to have a "larger" profile style solution.

We will get it in gnupg but It's unclear how. We will have more options like auto-key-locate / auto-key-retrieve etc. that are not part of gpgconf's interface. Having such a hack for every such option is not something I want to have :-/

Why do you need this now? I think the other stuff (WKS publishing creation / TOFU Display) is unreleated. I thought for the first implementation it should be fine if a user has to manually configure themselves into an "EasyGPG" style mode. Especially as this stuff is still very new. So we have not given the profile switch high priority. (It's on the agenda for a hacking meeting at the end of November).

src/kleo/tofu.cpp
91	This can be simplified as: return !(GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.14");
176	If you really want to use this patch, please change this to tofu+pgp we want tofu+pgp and not plain tofu. tofu+pgp means that your current trust will still be used. I think we should also insert a comment like: The trust model was changed to tofu+pgp by KMail on $date Before the change it was $oldtrustmodel before the trust-model line.

This revision now requires changes to proceed.Oct 31 2016, 1:42 PM

@aheinecke what is the state from gnupg? can this be merged now?

okay now we habe gpgconf support to enable/disable this. So this can be closed. Unfurtuantelly no way to close them anymore ;(

bcooksley commandeered this revision.May 19 2022, 9:16 PM

bcooksley abandoned this revision.

bcooksley added a reviewer: dvratil.

Revision Contents
Changeset List

		Path
M		CMakeLists.txt (8 lines)
A	M	autotests/CMakeLists.txt (1 line)
A	M	autotests/fakehomes/disabled/gpg.conf (11 lines)
A	M	autotests/fakehomes/disabled/gpg.conf.disabled (11 lines)
A	M	autotests/fakehomes/disabled/gpg.conf.enabled (12 lines)
A	M	autotests/fakehomes/new/gpg.conf (1 line)
A	M	autotests/fakehomes/new/gpg.conf.disabled (1 line)
A	M	autotests/fakehomes/new/gpg.conf.enabled (1 line)
A	M	autotests/fakehomes/trust-model-auto/gpg.conf (12 lines)
A	M	autotests/fakehomes/trust-model-auto/gpg.conf.disabled (12 lines)
A	M	autotests/fakehomes/trust-model-auto/gpg.conf.enabled (12 lines)
A	M	autotests/fakehomes/trust-model-tofu-pgp/gpg.conf (12 lines)
A	M	autotests/fakehomes/trust-model-tofu-pgp/gpg.conf.disabled (11 lines)
A	M	autotests/fakehomes/trust-model-tofu-pgp/gpg.conf.enabled (12 lines)
A	M	autotests/fakehomes/trust-model-tofu/gpg.conf (12 lines)
A	M	autotests/fakehomes/trust-model-tofu/gpg.conf.disabled (11 lines)
A	M	autotests/fakehomes/trust-model-tofu/gpg.conf.enabled (12 lines)
A	M	autotests/gpgconf.py (59 lines)
A	M	autotests/tofutest.cpp (177 lines)
M		src/CMakeLists.txt (1 line)
A	M	src/kleo/tofu.h (64 lines)
A	M	src/kleo/tofu.cpp (208 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	7775			Oct 31 2016, 12:19 PM	★	★

Add simple API to check/toggle TOFU modeAbandonedPublicActions

Details

Diff Detail

Revision ContentsChangeset List

Diff 7775

CMakeLists.txt

autotests/CMakeLists.txt

autotests/fakehomes/disabled/gpg.conf

autotests/fakehomes/disabled/gpg.conf.disabled

autotests/fakehomes/disabled/gpg.conf.enabled

autotests/fakehomes/new/gpg.conf

autotests/fakehomes/new/gpg.conf.disabled

autotests/fakehomes/new/gpg.conf.enabled

autotests/fakehomes/trust-model-auto/gpg.conf

autotests/fakehomes/trust-model-auto/gpg.conf.disabled

autotests/fakehomes/trust-model-auto/gpg.conf.enabled

autotests/fakehomes/trust-model-tofu-pgp/gpg.conf

autotests/fakehomes/trust-model-tofu-pgp/gpg.conf.disabled

autotests/fakehomes/trust-model-tofu-pgp/gpg.conf.enabled

autotests/fakehomes/trust-model-tofu/gpg.conf

autotests/fakehomes/trust-model-tofu/gpg.conf.disabled

autotests/fakehomes/trust-model-tofu/gpg.conf.enabled

autotests/gpgconf.py

autotests/tofutest.cpp

src/CMakeLists.txt

src/kleo/tofu.h

src/kleo/tofu.cpp

Add simple API to check/toggle TOFU mode
AbandonedPublic
Actions

Revision Contents
Changeset List