core: New flag GPGME_KEYSIGN_FORCE.

* src/gpgme.h.in (GPGME_KEYSIGN_FORCE): New.
* src/engine-gpg.c (gpg_keysign): Implement.

* tests/run-keysign.c (show_usage): Add option --force
--

GnuPG-bug-id: 4584
Werner Koch 2021-03-11 11:49:07 +01:00
parent fe900a41bf
commit 0821e2b149
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 20 additions and 0 deletions

1
NEWS

@ -4,6 +4,7 @@ Noteworthy changes in version 1.15.2 (unreleased)
* Interface changes relative to the 1.15.1 release: * Interface changes relative to the 1.15.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_KEYSIGN_FORCE NEW.
qt: CryptoConfig::entry CHANGED: Added overload; deprecated old qt: CryptoConfig::entry CHANGED: Added overload; deprecated old


@ -4699,6 +4699,11 @@ separated user IDs.
Force the creation of a key signature without an expiration date. This Force the creation of a key signature without an expiration date. This
overrides @var{expire} and any local configuration of the engine. overrides @var{expire} and any local configuration of the engine.
@item GPGME_KEYSIGN_FORCE
Force the creation of a new signature even if one already exists.
This flag has an effect only if the gpg version is at least 2.2.28 but
won't return an error with older versions.
@end table @end table
The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if


@ -3164,6 +3164,13 @@ gpg_keysign (void *engine, gpgme_key_t key, const char *userid,
else else
err = add_arg (gpg, "--quick-sign-key"); err = add_arg (gpg, "--quick-sign-key");
/* The force flag as only an effect with recent gpg versions; if the
* gpg version is too old, the signature will simply not be created.
* I think this is better than bailing out. */
if (!err && (flags & GPGME_KEYSIGN_FORCE)
&& have_gpg_version (gpg, "2.2.28"))
err = add_arg (gpg, "--force-sign-key");
if (!err) if (!err)
err = append_args_from_signers (gpg, ctx); err = append_args_from_signers (gpg, ctx);
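Review bot: When the engine is older than 2.2.28, the `GPGME_KEYSIGN_FORCE` bit is dropped in the added `if` with no error and no status, so a caller that sets it to replace an existing certification cannot tell from the return value whether a new signature was made. The in-code comment records this as a deliberate choice, but it reads as an aside and has a typo ("as only an effect"). I would state the contract instead: `/* GPGME_KEYSIGN_FORCE is honoured only by gpg >= 2.2.28; older versions ignore it and no new signature is created. */`. Callers that need the guarantee presumably have to check the engine version themselves, which is worth saying in the manual entry too. gpg_keysign starts and ends outside this hunk.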


@ -1905,6 +1905,7 @@ gpgme_error_t gpgme_op_delete_ext (gpgme_ctx_t ctx, const gpgme_key_t key,
#define GPGME_KEYSIGN_LOCAL (1 << 7) /* Create a local signature. */ #define GPGME_KEYSIGN_LOCAL (1 << 7) /* Create a local signature. */
#define GPGME_KEYSIGN_LFSEP (1 << 8) /* Indicate LF separated user ids. */ #define GPGME_KEYSIGN_LFSEP (1 << 8) /* Indicate LF separated user ids. */
#define GPGME_KEYSIGN_NOEXPIRE (1 << 9) /* Force no expiration. */ #define GPGME_KEYSIGN_NOEXPIRE (1 << 9) /* Force no expiration. */
#define GPGME_KEYSIGN_FORCE (1 << 10) /* Force creation. */
/* Sign the USERID of KEY using the current set of signers. */ /* Sign the USERID of KEY using the current set of signers. */
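Review bot: The comment on the new `GPGME_KEYSIGN_FORCE` define, "Force creation.", does not say what is created or that the flag depends on the gpg version, unlike the manual text added in the same commit. Something like `/* Force a new signature even if one exists (needs gpg 2.2.28). */` would let readers of the header see the caveat without opening the manual.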


@ -82,6 +82,7 @@ show_usage (int ex)
" --noexpire force no expiration\n" " --noexpire force no expiration\n"
" --expire EPOCH expire the signature at EPOCH\n" " --expire EPOCH expire the signature at EPOCH\n"
" --revoke revoke the signature(s)\n" " --revoke revoke the signature(s)\n"
" --force pass --force-sign-key option\n"
, stderr); , stderr);
exit (ex); exit (ex);
} }
@ -149,6 +150,11 @@ main (int argc, char **argv)
keysign_flags |= GPGME_KEYSIGN_LOCAL; keysign_flags |= GPGME_KEYSIGN_LOCAL;
argc--; argv++; argc--; argv++;
} }
else if (!strcmp (*argv, "--force"))
{
keysign_flags |= GPGME_KEYSIGN_FORCE;
argc--; argv++;
}
else if (!strcmp (*argv, "--noexpire")) else if (!strcmp (*argv, "--noexpire"))
{ {
keysign_flags |= GPGME_KEYSIGN_NOEXPIRE; keysign_flags |= GPGME_KEYSIGN_NOEXPIRE;