authorWerner Koch <[email protected]>2024-08-23 10:26:02 +0000
committerWerner Koch <[email protected]>2024-08-23 11:35:58 +0000
commit37aa9eee7c5696c7b79898a33f9c2883962c2a88 (patch)
tree82a1e0c8fedd549cb68376752002018ebbad2951
parentqt,tests: Add make target to clean the keyring (diff)
New context flag "proc-all-sigs".
* src/context.h (struct gpgme_context): Add proc_all_sigs. * src/gpgme.c (gpgme_set_ctx_flag): Add flag "proc-all-sigs". (gpgme_get_ctx_flag): Ditto. * src/engine-gpg.c (engine.gpg): Add flags.proc_all_sigs. (have_option_proc_all_sigs): New. (gpg_set_engine_flags): Set flag from context. (build_argv): Add --proc-all-sigs if requested and supported. -- GnuPG-bug-id: 7261
-rw-r--r--NEWS2
-rw-r--r--doc/gpgme.texi8
-rw-r--r--src/context.h3
-rw-r--r--src/engine-gpg.c34
-rw-r--r--src/gpgme.c8
-rw-r--r--tests/run-verify.c10
6 files changed, 64 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 2f312569..9a4eeeba 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ Noteworthy changes in version 1.24.0 (unrelease)
* New context flag "import-options". [T7152]
+ * New context flag "proc-all-sigs". [T7261]
+
* New function gpgme_op_setownertrust to make changing the owner trust
easier and to allow enabling/disabling of keys (requires GnuPG 2.4.6).
[T7239]
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 354ec5ab..a630e0e2 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3290,6 +3290,14 @@ manual and the gpg man page under the option @option{--import-options}.
Setting the @var{value} to "1" forces the GPG backend to disable the
automatic check of the trust database.
+@item "proc-all-sigs"
+@since{1.24.0}
+Setting the @var{value} to "1" forces the GPG backend not to stop
+signature checking of data after a bad signatures. This option is
+ignored if the backend itself does not support the --proc-all-sigs
+option.
+
+
@end table
This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index ea80f48f..9cfd8653 100644
--- a/src/context.h
+++ b/src/context.h
@@ -137,6 +137,9 @@ struct gpgme_context
/* True if the option --no-auto-check-trustdb shall be passed to gpg. */
unsigned int no_auto_check_trustdb : 1;
+ /* True if the option --proc-all-sigs shall be passed to gpg. */
+ unsigned int proc_all_sigs : 1;
+
/* Pass --expert to gpg edit key. */
unsigned int extended_edit : 1;
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index b099f566..fc9c7f90 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -153,6 +153,7 @@ struct engine_gpg
unsigned int include_key_block : 1;
unsigned int auto_key_import : 1;
unsigned int no_auto_check_trustdb : 1;
+ unsigned int proc_all_sigs : 1;
} flags;
/* NULL or the data object fed to --override_session_key-fd. */
@@ -435,6 +436,26 @@ have_usable_gpgtar (engine_gpg_t gpg)
}
+static int
+have_option_proc_all_sigs (engine_gpg_t gpg)
+{
+ static unsigned int flag;
+
+ if (flag)
+ ;
+ else if (have_gpg_version (gpg, "2.5.1"))
+ flag = 1|2;
+ else if (have_gpg_version (gpg, "2.4.6") && !have_gpg_version (gpg, "2.5.0"))
+ flag = 1|2;
+ else if (have_gpg_version (gpg, "2.2.45") && !have_gpg_version (gpg, "2.3.0"))
+ flag = 1|2;
+ else
+ flag = 1;
+
+ return !!(flag & 2);
+}
+
+
static void
free_argv (char **argv)
{
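Review bot: `static unsigned int flag` in have_option_proc_all_sigs caches the result once per process, although the result is computed from the `gpg` argument. If engine objects in one process can refer to different gpg binaries (have_gpg_version takes the engine, so presumably they can), every later engine inherits the first one's answer, and --proc-all-sigs is then either dropped for a gpg that supports it or passed to one that does not know it. The static is also written without any synchronization, which matters if contexts are built from several threads. Assuming the version comparison is cheap, I would drop the cache and return the condition directly: `return have_gpg_version (gpg, "2.5.1") || (have_gpg_version (gpg, "2.4.6") && !have_gpg_version (gpg, "2.5.0")) || (have_gpg_version (gpg, "2.2.45") && !have_gpg_version (gpg, "2.3.0"));`.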
@@ -741,6 +762,7 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx)
}
gpg->flags.no_auto_check_trustdb = !!ctx->no_auto_check_trustdb;
+ gpg->flags.proc_all_sigs = !!ctx->proc_all_sigs;
}
@@ -985,7 +1007,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
if (gpg->pinentry_mode)
argc += 1 + !!gpg->flags.use_gpgtar;
if (!gpg->cmd.used)
- argc++; /* --batch */
+ argc += 2; /* --batch and --proc-all-sigs */
argv = calloc (argc + 1, sizeof *argv);
allocated_argc = argc;
@@ -1220,6 +1242,16 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
goto leave;
}
argc++;
+ if (gpg->flags.proc_all_sigs && have_option_proc_all_sigs (gpg))
+ {
+ argv[argc] = strdup ("--proc-all-sigs");
+ if (!argv[argc])
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ argc++;
+ }
}
for (a = gpg->arglist; a; a = a->next)
{
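Review bot: The new `if (gpg->flags.proc_all_sigs && have_option_proc_all_sigs (gpg))` block drops the request without a trace when the backend is too old, and nothing at this spot says so. A caller that set "proc-all-sigs" still reads back "1" from gpgme_get_ctx_flag, while gpg stops signature checking after a bad signature, so the result may cover fewer signatures than the caller assumes. I would add a comment above the `if`, for example `/* Silently skipped if gpg lacks --proc-all-sigs; the caller cannot detect this from the context flag. */`. Judging by the `argc += 2` hunk, the option is also only emitted when `!gpg->cmd.used`, which is worth stating in the same comment. build_argv starts and ends outside the hunk.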
diff --git a/src/gpgme.c b/src/gpgme.c
index f6d7f38d..086e680b 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -619,6 +619,10 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
{
ctx->no_auto_check_trustdb = abool;
}
+ else if (!strcmp (name, "proc-all-sigs"))
+ {
+ ctx->proc_all_sigs = abool;
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_NAME);
@@ -708,6 +712,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
{
return ctx->no_auto_check_trustdb? "1":"";
}
+ else if (!strcmp (name, "proc-all-sigs"))
+ {
+ return ctx->proc_all_sigs? "1":"";
+ }
else
return NULL;
}
diff --git a/tests/run-verify.c b/tests/run-verify.c
index 9f32fce9..2d53ad19 100644
--- a/tests/run-verify.c
+++ b/tests/run-verify.c
@@ -241,6 +241,7 @@ show_usage (int ex)
" --directory DIR extract the files into the directory DIR\n"
" --diagnostics print diagnostics\n"
" --direct-file-io pass file names instead of streams with content of files to backend\n"
+ " --proc-all-sigs pass this option to gpg\n"
, stderr);
exit (ex);
}
@@ -262,6 +263,7 @@ main (int argc, char **argv)
gpgme_data_encoding_t encoding = GPGME_DATA_ENCODING_NONE;
int diagnostics = 0;
int direct_file_io = 0;
+ int proc_all_sigs = 0;
int repeats = 1;
int i;
@@ -360,6 +362,11 @@ main (int argc, char **argv)
direct_file_io = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--proc-all-sigs"))
+ {
+ proc_all_sigs = 1;
+ argc--; argv++;
+ }
else if (!strncmp (*argv, "--", 2))
show_usage (1);
@@ -419,6 +426,9 @@ main (int argc, char **argv)
}
/* gpgme_set_ctx_flag (ctx, "raw-description", "1"); */
+ if (proc_all_sigs)
+ gpgme_set_ctx_flag (ctx, "proc-all-sigs", "1");
+
if (auto_key_retrieve)
{
gpgme_set_ctx_flag (ctx, "auto-key-retrieve", "1");