[PATCH GNUPG] sm: Move qualified.txt from datadir into sysconfdir
Alon Bar-Lev
alon.barlev at gmail.com
Fri Sep 1 21:19:26 CEST 2017
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--
The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.
Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com>
---
doc/Makefile.am | 4 ++--
doc/examples/README | 2 ++
doc/{ => examples}/qualified.txt | 12 ++++++------
doc/gpgsm.texi | 12 +++---------
sm/qualified.c | 2 +-
5 files changed, 14 insertions(+), 18 deletions(-)
rename doc/{ => examples}/qualified.txt (98%)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 89079b3..c0c7fd0 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -22,7 +22,7 @@ AM_CPPFLAGS =
include $(top_srcdir)/am/cmacros.am
examples = examples/README examples/scd-event examples/trustlist.txt \
- examples/vsnfd.prf examples/debug.prf \
+ examples/vsnfd.prf examples/debug.prf examples/qualified.txt \
examples/systemd-user/README \
examples/systemd-user/dirmngr.service \
examples/systemd-user/dirmngr.socket \
@@ -43,7 +43,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
profiles =
-EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \
+EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \
gnupg-module-overview.png gnupg-module-overview.pdf \
gnupg-card-architecture.png gnupg-card-architecture.pdf \
diff --git a/doc/examples/README b/doc/examples/README
index 77ee807..4d6a5be 100644
--- a/doc/examples/README
+++ b/doc/examples/README
@@ -9,3 +9,5 @@ trustlist.txt A list of trustworthy root certificates
gpgconf.conf A sample configuration file for gpgconf.
systemd-user Sample files for a Linux-only init system.
+
+qualified.txt Sample file for qualified.txt.
diff --git a/doc/qualified.txt b/doc/examples/qualified.txt
similarity index 98%
rename from doc/qualified.txt
rename to doc/examples/qualified.txt
index c0e4da5..eba11f2 100644
--- a/doc/qualified.txt
+++ b/doc/examples/qualified.txt
@@ -29,7 +29,7 @@
#
# Germany
#
-# The information for Germany is available
+# The information for Germany is available
# at http://www.bundesnetzagentur.de
#*******************************************
@@ -74,7 +74,7 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de
#Serial number: 02
# Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
-# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
+# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für
# Telekommunikation und Post/C=DE
# validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59
# key type: 1024 bit RSA
@@ -118,7 +118,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
-# [checked: 2008-06-25]
+# [checked: 2008-06-25]
44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de
# ID: 0x46A2CC8A
@@ -130,7 +130,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de
# key usage: certSign
# policies: 1.3.36.8.1.1:N:
# chain length: unlimited
-# [checked: 2008-06-25]
+# [checked: 2008-06-25]
AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de
@@ -215,7 +215,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg]
C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
@@ -230,7 +230,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de
# key type: 2048 bit RSA
# key usage: certSign crlSign
# chain length: 1
-#[checked: 2007-12-13 via received ZIP file with qualified signature from
+#[checked: 2007-12-13 via received ZIP file with qualified signature from
# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag
# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"]
D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 5d79ce5..76ef58b 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -843,15 +843,9 @@ purposes.
Note that even if a certificate is listed in this file, this does not
mean that the certificate is trusted; in general the certificates listed
-in this file need to be listed also in @file{trustlist.txt}.
-
-This is a global file an installed in the data directory
-(e.g. @file{@value{DATADIR}/qualified.txt}). GnuPG installs a suitable
-file with root certificates as used in Germany. As new Root-CA
-certificates may be issued over time, these entries may need to be
-updated; new distributions of this software should come with an updated
-list but it is still the responsibility of the Administrator to check
-that this list is correct.
+in this file need to be listed also in @file{trustlist.txt}. This is a global
+file an installed in the sysconf directory (e.g.
+ at file{@value{SYSCONFDIR}/qualified.txt}).
Every time @command{gpgsm} uses a certificate for signing or verification
this file will be consulted to check whether the certificate under
diff --git a/sm/qualified.c b/sm/qualified.c
index 564e779..6a7b473 100644
--- a/sm/qualified.c
+++ b/sm/qualified.c
@@ -58,7 +58,7 @@ read_list (char *key, char *country, int *lnr)
if (!listname)
{
- listname = make_filename (gnupg_datadir (), "qualified.txt", NULL);
+ listname = make_filename (gnupg_sysconfdir (), "qualified.txt", NULL);
listfp = fopen (listname, "r");
if (!listfp && errno != ENOENT)
{
--
2.13.5
More information about the Gnupg-devel
mailing list