core: New flag GPGME_KEYSIGN_FORCE.

* src/gpgme.h.in (GPGME_KEYSIGN_FORCE): New. * src/engine-gpg.c (gpg_keysign): Implement. * tests/run-keysign.c (show_usage): Add option --force -- GnuPG-bug-id: 4584
2021-03-11 11:49:07 +01:00 · 2021-03-11 11:49:07 +01:00 · 0821e2b149
commit 0821e2b149
parent fe900a41bf
5 changed files with 20 additions and 0 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ Noteworthy changes in version 1.15.2 (unreleased)

 * Interface changes relative to the 1.15.1 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYSIGN_FORCE                   NEW.
 qt: CryptoConfig::entry               CHANGED: Added overload; deprecated old


--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -4699,6 +4699,11 @@ separated user IDs.
 Force the creation of a key signature without an expiration date.  This
 overrides @var{expire} and any local configuration of the engine.

+@item GPGME_KEYSIGN_FORCE
+Force the creation of a new signature even if one already exists.
+This flag has an effect only if the gpg version is at least 2.2.28 but
+won't return an error with older versions.
+
@end table

 The function returns zero on success, @code{GPG_ERR_NOT_SUPPORTED} if
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@ -3164,6 +3164,13 @@ gpg_keysign (void *engine, gpgme_key_t key, const char *userid,
  else
    err = add_arg (gpg, "--quick-sign-key");

+  /* The force flag as only an effect with recent gpg versions; if the
+   * gpg version is too old, the signature will simply not be created.
+   * I think this is better than bailing out.  */
+  if (!err && (flags & GPGME_KEYSIGN_FORCE)
+      && have_gpg_version (gpg, "2.2.28"))
+    err = add_arg (gpg, "--force-sign-key");
+
  if (!err)
    err = append_args_from_signers (gpg, ctx);

--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@ -1905,6 +1905,7 @@ gpgme_error_t gpgme_op_delete_ext (gpgme_ctx_t ctx, const gpgme_key_t key,
 #define GPGME_KEYSIGN_LOCAL     (1 << 7)  /* Create a local signature.  */
 #define GPGME_KEYSIGN_LFSEP     (1 << 8)  /* Indicate LF separated user ids. */
 #define GPGME_KEYSIGN_NOEXPIRE  (1 << 9)  /* Force no expiration.  */
+#define GPGME_KEYSIGN_FORCE     (1 << 10) /* Force creation.  */


 /* Sign the USERID of KEY using the current set of signers.  */
--- a/tests/run-keysign.c
+++ b/tests/run-keysign.c
@ -82,6 +82,7 @@ show_usage (int ex)
         "  --noexpire       force no expiration\n"
         "  --expire EPOCH   expire the signature at EPOCH\n"
         "  --revoke         revoke the signature(s)\n"
+         "  --force          pass --force-sign-key option\n"
         , stderr);
  exit (ex);
 }
@ -149,6 +150,11 @@ main (int argc, char **argv)
          keysign_flags |= GPGME_KEYSIGN_LOCAL;
          argc--; argv++;
        }
+      else if (!strcmp (*argv, "--force"))
+        {
+          keysign_flags |= GPGME_KEYSIGN_FORCE;
+          argc--; argv++;
+        }
      else if (!strcmp (*argv, "--noexpire"))
        {
          keysign_flags |= GPGME_KEYSIGN_NOEXPIRE;