gpg: New option --no-keyring.

* g10/gpg.c (oNoKeyring): New. (opts): Add "--no-keyring". (main): Do not register any keyring if the option is used. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-06-05 23:07:49 +02:00 · 2016-07-06 15:33:40 +02:00 · 2016-07-06 15:33:40 +02:00 · 073be51a86
commit 073be51a86
parent fdfde91595
2 changed files with 27 additions and 8 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1371,6 +1371,10 @@ Note that this adds a keyring to the current list. If the intent is to
 use the specified keyring alone, use @option{--keyring} along with
@option{--no-default-keyring}.
 If the the option @option{--no-keyring} has been used no keyrings will
 be used at all.
@item --secret-keyring @code{file}
@opindex secret-keyring
 This is an obsolete option and ignored.  All secret keys are stored in
@ -3008,6 +3012,10 @@ and do not provide alternate keyrings via @option{--keyring} or
@option{--secret-keyring}, then GnuPG will still use the default public or
 secret keyrings.
@item --no-keyring
@opindex no-keyring
 Do not add use any keyrings even if specified as options.
@item --skip-verify
@opindex skip-verify
 Skip the signature verification step. This may be
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -248,6 +248,7 @@ enum cmd_and_opt_values
    oNoMDCWarn,
    oNoArmor,
    oNoDefKeyring,
    oNoKeyring,
    oNoGreeting,
    oNoTTY,
    oNoOptions,
@ -681,6 +682,7 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
  ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
  ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
  ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
  ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
  ARGPARSE_s_n (oNoOptions, "no-options", "@"),
  ARGPARSE_s_s (oHomedir, "homedir", "@"),
@ -2609,7 +2611,15 @@ main (int argc, char **argv)
 	    }
 	    break;
 	  case oNoArmor: opt.no_armor=1; opt.armor=0; break;
-	  case oNoDefKeyring: default_keyring = 0; break;
+
 	  case oNoDefKeyring:
            if (default_keyring > 0)
              default_keyring = 0;
            break;
 	  case oNoKeyring:
            default_keyring = -1;
            break;
 	  case oNoGreeting: nogreeting = 1; break;
 	  case oNoVerbose:
            opt.verbose = 0;
@ -3703,14 +3713,15 @@ main (int argc, char **argv)
    if( opt.verbose > 1 )
 	set_packet_list_mode(1);
-    /* Add the keyrings, but not for some special commands.
+    /* Add the keyrings, but not for some special commands.  We always
-       We always need to add the keyrings if we are running under
+     * need to add the keyrings if we are running under SELinux, this
-       SELinux, this is so that the rings are added to the list of
+     * is so that the rings are added to the list of secured files.
-       secured files. */
+     * We do not add any keyring if --no-keyring has been used.  */
-    if( ALWAYS_ADD_KEYRINGS
+    if (default_keyring >= 0
-        || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
+        && (ALWAYS_ADD_KEYRINGS
            || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
      {
-	if (!nrings || default_keyring)  /* Add default ring. */
+	if (!nrings || default_keyring > 0)  /* Add default ring. */
 	    keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
                                KEYDB_RESOURCE_FLAG_DEFAULT);
 	for (sl = nrings; sl; sl = sl->next )