1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: New option --proc-all-sigs

* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
This commit is contained in:
Werner Koch 2024-08-23 11:27:58 +02:00
parent 3171ca9b94
commit 1eb382fb1f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 28 additions and 3 deletions

2
NEWS
View File

@ -1,6 +1,8 @@
Noteworthy changes in version 2.5.1 (unreleased) Noteworthy changes in version 2.5.1 (unreleased)
------------------------------------------------ ------------------------------------------------
* gpg: New option --proc-all-sigs. [T7261]
Release-info: https://dev.gnupg.org/T7191 Release-info: https://dev.gnupg.org/T7191

View File

@ -264,6 +264,11 @@ out the actual signed data, but there are other pitfalls with this
format as well. It is suggested to avoid cleartext signatures in format as well. It is suggested to avoid cleartext signatures in
favor of detached signatures. favor of detached signatures.
Note: With option @option{--batch} he verification of signatures stops
at the first bad signature. This is a safe default for unattended
processing but sometimes a status for all signatures is needed. To
override this early bailout use the option @option{--proc-all-sigs}.
Note: To check whether a file was signed by a certain key the option Note: To check whether a file was signed by a certain key the option
@option{--assert-signer} can be used. As an alternative the @option{--assert-signer} can be used. As an alternative the
@command{gpgv} tool can be used. @command{gpgv} is designed to @command{gpgv} tool can be used. @command{gpgv} is designed to
@ -1373,6 +1378,12 @@ Assume "yes" on most questions. Should not be used in an option file.
Assume "no" on most questions. Should not be used in an option file. Assume "no" on most questions. Should not be used in an option file.
@item --proc-all-sigs
@opindex proc-all-sigs
This option overrides the behaviour of the @option{--batch} option to
stop signature verification at the first bad signatures.
@item --list-filter @{select=@var{expr}@} @item --list-filter @{select=@var{expr}@}
@opindex list-filter @opindex list-filter
A list filter can be used to output only certain keys during key A list filter can be used to output only certain keys during key

View File

@ -459,6 +459,7 @@ enum cmd_and_opt_values
oAssertPubkeyAlgo, oAssertPubkeyAlgo,
oKbxBufferSize, oKbxBufferSize,
oRequirePQCEncryption, oRequirePQCEncryption,
oProcAllSigs,
oNoop oNoop
}; };
@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oBatch, "batch", "@"), ARGPARSE_s_n (oBatch, "batch", "@"),
ARGPARSE_s_n (oNoBatch, "no-batch", "@"), ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
ARGPARSE_s_n (oProcAllSigs, "proc-all-sigs", "@"),
ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_s_n (oAnswerYes, "yes", "@"),
ARGPARSE_s_n (oAnswerNo, "no", "@"), ARGPARSE_s_n (oAnswerNo, "no", "@"),
ARGPARSE_s_i (oStatusFD, "status-fd", "@"), ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
@ -2811,6 +2813,10 @@ main (int argc, char **argv)
nogreeting = 1; nogreeting = 1;
break; break;
case oProcAllSigs:
opt.flags.proc_all_sigs = 1;
break;
case oUseAgent: /* Dummy. */ case oUseAgent: /* Dummy. */
break; break;

View File

@ -2681,7 +2681,8 @@ proc_tree (CTX c, kbnode_t node)
} }
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));) for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
if (check_sig_and_print (c, n1) && opt.batch) if (check_sig_and_print (c, n1) && opt.batch
&& !opt.flags.proc_all_sigs)
break; break;
} }
@ -2701,7 +2702,8 @@ proc_tree (CTX c, kbnode_t node)
} }
for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));) for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
if (check_sig_and_print (c, n1) && opt.batch) if (check_sig_and_print (c, n1) && opt.batch
&& !opt.flags.proc_all_sigs)
break; break;
} }
else if (node->pkt->pkttype == PKT_SIGNATURE) else if (node->pkt->pkttype == PKT_SIGNATURE)
@ -2830,7 +2832,8 @@ proc_tree (CTX c, kbnode_t node)
if (multiple_ok) if (multiple_ok)
{ {
for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE))) for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
if (check_sig_and_print (c, n1) && opt.batch) if (check_sig_and_print (c, n1) && opt.batch
&& !opt.flags.proc_all_sigs)
break; break;
} }
else else

View File

@ -306,7 +306,10 @@ struct
/* Fail if an operation can't be done in the requested compliance /* Fail if an operation can't be done in the requested compliance
* mode. */ * mode. */
unsigned int require_compliance:1; unsigned int require_compliance:1;
/* Fail encryption unless a PQC algorithm is used. */
unsigned int require_pqc_encryption:1; unsigned int require_pqc_encryption:1;
/* Process all signatures even in batch mode. */
unsigned int proc_all_sigs:1;
} flags; } flags;
/* Linked list of ways to find a key if the key isn't on the local /* Linked list of ways to find a key if the key isn't on the local