diff --git a/NEWS b/NEWS
index 3a4065f2..495e4af7 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ Noteworthy changes in version 1.15.2 (unreleased)
 * Interface changes relative to the 1.15.1 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYSIGN_FORCE NEW.
 qt: CryptoConfig::entry CHANGED: Added overload; deprecated old
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 99a228b3..11147862 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4699,6 +4699,11 @@ separated user IDs.
 Force the creation of a key signature without an expiration date. This overrides @var{expire} and any local configuration of the engine.
+@item GPGME_KEYSIGN_FORCE
+Force the creation of a new signature even if one already exists.
+This flag has an effect only if the gpg version is at least 2.2.28 but
+won't return an error with older versions.
+
 @end table
 The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 5e663e16..969abab6 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -3164,6 +3164,13 @@ gpg_keysign (void *engine, gpgme_key_t key, const char *userid,
 else
 err = add_arg (gpg, "--quick-sign-key");
+ /* The force flag as only an effect with recent gpg versions; if the
+ * gpg version is too old, the signature will simply not be created.
+ * I think this is better than bailing out. */
+ if (!err && (flags & GPGME_KEYSIGN_FORCE)
+ && have_gpg_version (gpg, "2.2.28"))
+ err = add_arg (gpg, "--force-sign-key");
+
 if (!err)
 err = append_args_from_signers (gpg, ctx);
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index 9e98816d..0a90c8d2 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
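Review bot: In the src/engine-gpg.c hunk, a caller that sets GPGME_KEYSIGN_FORCE against a gpg older than 2.2.28 gets the flag dropped with no error, so code that re-certifies a key cannot tell whether a new signature was actually made. The keysign documentation already lists `GPG_ERR_NOT_SUPPORTED` as a return value; if failing hard is not wanted, the silent fallback should at least be detectable by the caller, otherwise consider `else if (!err && (flags & GPGME_KEYSIGN_FORCE)) err = gpg_error (GPG_ERR_NOT_SUPPORTED);`. The check is also a plain minimum-version test, so it is worth confirming that every release at or above that number accepts `--force-sign-key`; an engine that does not would presumably reject the unknown option. The added comment has a typo: `The force flag as only an effect` should read `The force flag has an effect only`. gpg_keysign starts and ends outside the hunk.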
@@ -1905,6 +1905,7 @@ gpgme_error_t gpgme_op_delete_ext (gpgme_ctx_t ctx, const gpgme_key_t key,
 #define GPGME_KEYSIGN_LOCAL (1 << 7) /* Create a local signature. */
 #define GPGME_KEYSIGN_LFSEP (1 << 8) /* Indicate LF separated user ids. */
 #define GPGME_KEYSIGN_NOEXPIRE (1 << 9) /* Force no expiration. */
+#define GPGME_KEYSIGN_FORCE (1 << 10) /* Force creation. */
 /* Sign the USERID of KEY using the current set of signers. */
diff --git a/tests/run-keysign.c b/tests/run-keysign.c
index 57488a47..31775061 100644
--- a/tests/run-keysign.c
+++ b/tests/run-keysign.c
@@ -82,6 +82,7 @@ show_usage (int ex)
 " --noexpire force no expiration\n"
 " --expire EPOCH expire the signature at EPOCH\n"
 " --revoke revoke the signature(s)\n"
+ " --force pass --force-sign-key option\n"
 , stderr);
 exit (ex);
 }
@@ -149,6 +150,11 @@ main (int argc, char **argv)
 keysign_flags |= GPGME_KEYSIGN_LOCAL;
 argc--; argv++;
 }
+ else if (!strcmp (*argv, "--force"))
+ {
+ keysign_flags |= GPGME_KEYSIGN_FORCE;
+ argc--; argv++;
+ }
 else if (!strcmp (*argv, "--noexpire"))
 {
 keysign_flags |= GPGME_KEYSIGN_NOEXPIRE;
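Review bot: The comment on the new flag in src/gpgme.h.in, `/* Force creation. */`, does not say what is forced or that the flag is ignored by older engines, which a reader of the header alone will not learn. Something like `/* Force a new signature even if one exists; ignored by gpg < 2.2.28. */` matches what the manual entry in this commit states.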