core: Support --locate-external-keys command of gpg

* src/gpgme.h.in (GPGME_KEYLIST_MODE_FORCE_EXTERN): New.
(GPGME_KEYLIST_MODE_LOCATE_EXTERNAL): New.
* src/gpgme.c (gpgme_set_keylist_mode): Check for invalid mode.
* src/engine-gpg.c (gpg_keylist_build_options): Use
"--locate-external-keys" instead of "--locate-keys" if flag is set.
* src/gpgme-json.c (op_keylist): New flag "force-extern".
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Handle
new mode.
--

GnuPG-bug-id: 5951

NEWS

@@ -1,20 +1,24 @@
 Noteworthy changes in version 1.17.2 (unreleased)
 -------------------------------------------------
 
- Release-info: https://dev.gnupg.org/Txxxx
+ * New keylist mode to force refresh via external methods.  [#5951]
 
- * cpp, qt: Do not export internal symbols anymore.  [T5906]
+ * cpp, qt: Do not export internal symbols anymore.  [#5906]
 
  * cpp, qt: Support revocation of own OpenPGP keys.  [#5904]
 
  * Interface changes relative to the 1.17.1 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYLIST_MODE_FORCE_EXTERN            NEW.
+ GPGME_KEYLIST_MODE_LOCATE_EXTERNAL         NEW.
  cpp: RevocationReason                      NEW.
  cpp: GpgRevokeKeyEditInteractor            NEW.
  cpp: Result::setError                      NEW.
  qt: RevokeKeyJob                           NEW.
  qt: Protocol::revokeKeyJob                 NEW.
 
+ Release-info: https://dev.gnupg.org/Txxxx
+
 
 Noteworthy changes in version 1.17.1 (2022-03-06)
 -------------------------------------------------

doc/gpgme.texi

@@ -2872,6 +2872,26 @@ validity information from an internal cache.  This might be an
 expensive operation and is in general not useful.  Currently only
 implemented for the S/MIME backend and ignored for other backends.
 
+@item GPGME_KEYLIST_MODE_FORCE_EXTERN
+@since{1.18.0}
+
+The @code{GPGME_KEYLIST_MODE_FORCE_EXTERN} symbol specifies that only
+external sources should be searched for keys in the keylisting
+operation.  If used in combination with @code{GPGME_KEYLIST_MODE_LOCATE},
+the keylisting results in a @code{--locate-external-keys} for
+@code{GPGME_PROTOCOL_OpenPGP}.  The combination with
+@code{GPGME_KEYLIST_MODE_LOCAL}, but without @code{GPGME_KEYLIST_MODE_EXTERN}
+is not allowed.  Currently only implemented for the OpenPGP backend and
+ignored for other backends.
+
+@item GPGME_KEYLIST_MODE_LOCATE_EXTERNAL
+@since{1.18.0}
+
+This is a shortcut for the combination of
+@code{GPGME_KEYLIST_MODE_LOCATE} and @code{GPGME_KEYLIST_MODE_FORCE_EXTERN},
+which results in a @code{--locate-external-keys} for
+@code{GPGME_PROTOCOL_OpenPGP}.
+
 @end table
 
 At least one of @code{GPGME_KEYLIST_MODE_LOCAL} and

src/engine-gpg.c

@@ -3105,8 +3105,11 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
                  code.  The problem is that we don't know the context
                  here and thus can't access the cached version number
                  for the engine info structure.  */
-              err = add_arg (gpg, "--locate-keys");
+              if ((mode & GPGME_KEYLIST_MODE_FORCE_EXTERN))
-              if ((mode & GPGME_KEYLIST_MODE_SIGS))
+                err = add_arg (gpg, "--locate-external-keys");
+              else
+                err = add_arg (gpg, "--locate-keys");
+              if (!err && (mode & GPGME_KEYLIST_MODE_SIGS))
                 err = add_arg (gpg, "--with-sig-check");
             }
           else

src/gpgme-json.c

@@ -2471,6 +2471,11 @@ op_keylist (cjson_t request, cjson_t result)
   if (abool)
     mode |= GPGME_KEYLIST_MODE_LOCATE;
 
+  if ((err = get_boolean_flag (request, "force-extern", 0, &abool)))
+    goto leave;
+  if (abool)
+    mode |= GPGME_KEYLIST_MODE_FORCE_EXTERN;
+
   if (!mode)
     {
       /* default to local */

src/gpgme-tool.c

@@ -1459,6 +1459,8 @@ gt_get_keylist_mode (gpgme_tool_t gt)
     modes[idx++] = "ephemeral";
   if (mode & GPGME_KEYLIST_MODE_VALIDATE)
     modes[idx++] = "validate";
+  if (mode & GPGME_KEYLIST_MODE_FORCE_EXTERN)
+    modes[idx++] = "force_extern";
   modes[idx++] = NULL;
 
   gt_write_status (gt, STATUS_KEYLIST_MODE, modes[0], modes[1], modes[2],
@@ -2200,6 +2202,8 @@ cmd_keylist_mode (assuan_context_t ctx, char *line)
 	mode |= GPGME_KEYLIST_MODE_EPHEMERAL;
       if (strstr (line, "validate"))
 	mode |= GPGME_KEYLIST_MODE_VALIDATE;
+      if (strstr (line, "force_extern"))
+	mode |= GPGME_KEYLIST_MODE_FORCE_EXTERN;
 
       return gt_set_keylist_mode (server->gt, mode);
     }

src/gpgme.c

@@ -782,6 +782,10 @@ gpgme_set_keylist_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode)
   if (!ctx)
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if ((mode & GPGME_KEYLIST_MODE_LOCATE_EXTERNAL) ==
+      (GPGME_KEYLIST_MODE_LOCAL|GPGME_KEYLIST_MODE_FORCE_EXTERN))
+    return gpg_error (GPG_ERR_INV_VALUE);
+
   ctx->keylist_mode = mode;
   return 0;
 }

src/gpgme.h.in

@@ -382,8 +382,10 @@ gpgme_protocol_t;
 #define GPGME_KEYLIST_MODE_WITH_KEYGRIP       	64
 #define GPGME_KEYLIST_MODE_EPHEMERAL            128
 #define GPGME_KEYLIST_MODE_VALIDATE		256
+#define GPGME_KEYLIST_MODE_FORCE_EXTERN		512
 
 #define GPGME_KEYLIST_MODE_LOCATE		(1|2)
+#define GPGME_KEYLIST_MODE_LOCATE_EXTERNAL	(1|2|512)
 
 typedef unsigned int gpgme_keylist_mode_t;