1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00

gpg: New option --proc-all-sigs

* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5
(cherry picked from commit cb739bb2a5796b8d48cbb92c615538bf53bcd482)
This commit is contained in:
Werner Koch 2024-08-23 11:27:58 +02:00
parent a891e55f15
commit 5276a1373c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 21 additions and 1 deletions

2
NEWS
View File

@ -1,6 +1,8 @@
Noteworthy changes in version 2.2.45 (unreleased) Noteworthy changes in version 2.2.45 (unreleased)
------------------------------------------------- -------------------------------------------------
* gpg: New option --proc-all-sigs. [T7261]
Release-info: https://dev.gnupg.org/T7255 Release-info: https://dev.gnupg.org/T7255

View File

@ -270,6 +270,12 @@ is designed to compare signed data against a list of trusted keys and
returns with success only for a good signature. It has its own manual returns with success only for a good signature. It has its own manual
page. page.
Note: With option @option{--batch} the verification of signatures
stops at the first bad signature. This is a safe default for
unattended processing but sometimes a status for all signatures is
needed. To override this early bailout use the option
@option{--proc-all-sigs}.
@item --multifile @item --multifile
@opindex multifile @opindex multifile
@ -1307,6 +1313,10 @@ Assume "yes" on most questions. Should not be used in an option file.
@opindex no @opindex no
Assume "no" on most questions. Should not be used in an option file. Assume "no" on most questions. Should not be used in an option file.
@item --proc-all-sigs
@opindex proc-all-sigs
This option overrides the behaviour of the @option{--batch} option to
stop signature verification at the first bad signatures.
@item --list-options @var{parameters} @item --list-options @var{parameters}
@opindex list-options @opindex list-options

View File

@ -438,6 +438,7 @@ enum cmd_and_opt_values
oRequireCompliance, oRequireCompliance,
oCompatibilityFlags, oCompatibilityFlags,
oAddDesigRevoker, oAddDesigRevoker,
oProcAllSigs,
oNoop oNoop
}; };
@ -877,6 +878,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oBatch, "batch", "@"), ARGPARSE_s_n (oBatch, "batch", "@"),
ARGPARSE_s_n (oNoBatch, "no-batch", "@"), ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
ARGPARSE_s_n (oProcAllSigs, "proc-all-sigs", "@"),
ARGPARSE_s_n (oAnswerYes, "yes", "@"), ARGPARSE_s_n (oAnswerYes, "yes", "@"),
ARGPARSE_s_n (oAnswerNo, "no", "@"), ARGPARSE_s_n (oAnswerNo, "no", "@"),
ARGPARSE_s_i (oStatusFD, "status-fd", "@"), ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
@ -2713,6 +2715,10 @@ main (int argc, char **argv)
nogreeting = 1; nogreeting = 1;
break; break;
case oProcAllSigs:
opt.flags.proc_all_sigs = 1;
break;
case oUseAgent: /* Dummy. */ case oUseAgent: /* Dummy. */
break; break;

View File

@ -2638,7 +2638,7 @@ check_sig_and_print (CTX c, kbnode_t node)
release_kbnode( keyblock ); release_kbnode( keyblock );
if (rc) if (rc)
g10_errors_seen = 1; g10_errors_seen = 1;
if (opt.batch && rc) if (opt.batch && rc && !opt.flags.proc_all_sigs)
g10_exit (1); g10_exit (1);
} }
else else

View File

@ -260,6 +260,8 @@ struct
/* Fail if an operation can't be done in the requested compliance /* Fail if an operation can't be done in the requested compliance
* mode. */ * mode. */
unsigned int require_compliance:1; unsigned int require_compliance:1;
/* Process all signatures even in batch mode. */
unsigned int proc_all_sigs:1;
} flags; } flags;
/* Linked list of ways to find a key if the key isn't on the local /* Linked list of ways to find a key if the key isn't on the local