gpg: New option --proc-all-sigs

* g10/options.h (flags): Add proc_all_sigs. * g10/mainproc.c (proc_tree): Do not stop signature checking if this new option is used. * g10/gpg.c (oProcAllSigs): New. (opts): Add "proc-all-sigs". (main): Set it. -- GnuPG-bug-id: 7261
2025-07-02 22:46:30 +02:00 · 2024-08-23 11:27:58 +02:00 · 2024-08-23 11:27:58 +02:00 · 1eb382fb1f
commit 1eb382fb1f
parent 3171ca9b94
5 changed files with 28 additions and 3 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -459,6 +459,7 @@ enum cmd_and_opt_values
    oAssertPubkeyAlgo,
    oKbxBufferSize,
    oRequirePQCEncryption,
+    oProcAllSigs,

    oNoop
  };
@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = {

  ARGPARSE_s_n (oBatch, "batch", "@"),
  ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
+  ARGPARSE_s_n (oProcAllSigs, "proc-all-sigs", "@"),
  ARGPARSE_s_n (oAnswerYes, "yes", "@"),
  ARGPARSE_s_n (oAnswerNo, "no", "@"),
  ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
@ -2811,6 +2813,10 @@ main (int argc, char **argv)
            nogreeting = 1;
            break;

+          case oProcAllSigs:
+            opt.flags.proc_all_sigs = 1;
+            break;
+
          case oUseAgent: /* Dummy. */
            break;

--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -2681,7 +2681,8 @@ proc_tree (CTX c, kbnode_t node)
        }

      for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
-        if (check_sig_and_print (c, n1) && opt.batch)
+        if (check_sig_and_print (c, n1) && opt.batch
+            && !opt.flags.proc_all_sigs)
          break;

    }
@ -2701,7 +2702,8 @@ proc_tree (CTX c, kbnode_t node)
        }

      for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
-        if (check_sig_and_print (c, n1) && opt.batch)
+        if (check_sig_and_print (c, n1) && opt.batch
+            && !opt.flags.proc_all_sigs)
          break;
    }
  else if (node->pkt->pkttype == PKT_SIGNATURE)
@ -2830,7 +2832,8 @@ proc_tree (CTX c, kbnode_t node)
      if (multiple_ok)
        {
          for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
-	    if (check_sig_and_print (c, n1) && opt.batch)
+	    if (check_sig_and_print (c, n1) && opt.batch
+                && !opt.flags.proc_all_sigs)
              break;
        }
      else
--- a/g10/options.h
+++ b/g10/options.h
@ -306,7 +306,10 @@ struct
    /* Fail if an operation can't be done in the requested compliance
     * mode.  */
    unsigned int require_compliance:1;
+    /* Fail encryption unless a PQC algorithm is used.  */
    unsigned int require_pqc_encryption:1;
+    /* Process all signatures even in batch mode.  */
+    unsigned int proc_all_sigs:1;
  } flags;

  /* Linked list of ways to find a key if the key isn't on the local