From 0821e2b1495e8944a5a1b5ba20ad5f403dde0dd0 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 11 Mar 2021 11:49:07 +0100
Subject: core: New flag GPGME_KEYSIGN_FORCE.

* src/gpgme.h.in (GPGME_KEYSIGN_FORCE): New.
* src/engine-gpg.c (gpg_keysign): Implement.

* tests/run-keysign.c (show_usage): Add option --force
--

GnuPG-bug-id: 4584
---
 src/engine-gpg.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/engine-gpg.c')

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 5e663e16..969abab6 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -3164,6 +3164,13 @@ gpg_keysign (void *engine, gpgme_key_t key, const char *userid,
   else
     err = add_arg (gpg, "--quick-sign-key");
 
+  /* The force flag as only an effect with recent gpg versions; if the
+   * gpg version is too old, the signature will simply not be created.
+   * I think this is better than bailing out.  */
+  if (!err && (flags & GPGME_KEYSIGN_FORCE)
+      && have_gpg_version (gpg, "2.2.28"))
+    err = add_arg (gpg, "--force-sign-key");
+
   if (!err)
     err = append_args_from_signers (gpg, ctx);
 
-- 
cgit v1.2.3