mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: New option --force-sign-key
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584
This commit is contained in:
parent
f3e68e39da
commit
87d7b7e075
29
doc/gpg.texi
29
doc/gpg.texi
@ -1114,7 +1114,9 @@ If a name is prefixed with a '=' a case sensitive exact match is done.
|
||||
|
||||
The command @option{--quick-lsign-key} marks the signatures as
|
||||
non-exportable. If such a non-exportable signature already exists the
|
||||
@option{--quick-sign-key} turns it into a exportable signature.
|
||||
@option{--quick-sign-key} turns it into a exportable signature. If
|
||||
you need to update an existing signature, for example to add or change
|
||||
notation data, you need to use the option @option{--force-sign-key}.
|
||||
|
||||
This command uses reasonable defaults and thus does not provide the
|
||||
full flexibility of the "sign" subcommand from @option{--edit-key}.
|
||||
@ -1212,8 +1214,8 @@ encountered, you can explicitly stop parsing by using the special option
|
||||
@node GPG Configuration Options
|
||||
@subsection How to change the configuration
|
||||
|
||||
These options are used to change the configuration and are usually found
|
||||
in the option file.
|
||||
These options are used to change the configuration and most of them
|
||||
are usually found in the option file.
|
||||
|
||||
@table @gnupgtabopt
|
||||
|
||||
@ -1242,6 +1244,7 @@ one from the secret keyring or the one set with @option{--default-key}.
|
||||
@item --no-default-recipient
|
||||
@opindex no-default-recipient
|
||||
Reset @option{--default-recipient} and @option{--default-recipient-self}.
|
||||
Should not be used in an option file.
|
||||
|
||||
@item -v, --verbose
|
||||
@opindex verbose
|
||||
@ -1250,11 +1253,11 @@ twice, the input data is listed in detail.
|
||||
|
||||
@item --no-verbose
|
||||
@opindex no-verbose
|
||||
Reset verbose level to 0.
|
||||
Reset verbose level to 0. Should not be used in an option file.
|
||||
|
||||
@item -q, --quiet
|
||||
@opindex quiet
|
||||
Try to be as quiet as possible.
|
||||
Try to be as quiet as possible. Should not be used in an option file.
|
||||
|
||||
@item --batch
|
||||
@itemx --no-batch
|
||||
@ -1266,11 +1269,11 @@ filename given on the command line, gpg might still need to read from
|
||||
STDIN (in particular if gpg figures that the input is a
|
||||
detached signature and no data file has been specified). Thus if you
|
||||
do not want to feed data via STDIN, you should connect STDIN to
|
||||
g@file{/dev/null}.
|
||||
@file{/dev/null}.
|
||||
|
||||
It is highly recommended to use this option along with the options
|
||||
@option{--status-fd} and @option{--with-colons} for any unattended use of
|
||||
@command{gpg}.
|
||||
@command{gpg}. Should not be used in an option file.
|
||||
|
||||
@item --no-tty
|
||||
@opindex no-tty
|
||||
@ -1280,11 +1283,11 @@ warnings to the TTY even if @option{--batch} is used.
|
||||
|
||||
@item --yes
|
||||
@opindex yes
|
||||
Assume "yes" on most questions.
|
||||
Assume "yes" on most questions. Should not be used in an option file.
|
||||
|
||||
@item --no
|
||||
@opindex no
|
||||
Assume "no" on most questions.
|
||||
Assume "no" on most questions. Should not be used in an option file.
|
||||
|
||||
|
||||
@item --list-options @var{parameters}
|
||||
@ -1565,6 +1568,7 @@ default (@option{--no-utf8-strings}) is to assume that arguments are
|
||||
encoded in the character set as specified by
|
||||
@option{--display-charset}. These options affect all following
|
||||
arguments. Both options may be used multiple times.
|
||||
This option should not be used in an option file.
|
||||
|
||||
@anchor{gpg-option --options}
|
||||
@item --options @var{file}
|
||||
@ -3469,6 +3473,13 @@ You need to consult the source code to learn the details. Note that
|
||||
the advanced key generation commands can always be used to specify a
|
||||
key algorithm directly.
|
||||
|
||||
@item --force-sign-key
|
||||
@opindex force-sign-key
|
||||
This option modifies the behaviour of the commands
|
||||
@option{--quick-sign-key}, @option{--quick-lsign-key}, and the "sign"
|
||||
sub-commands of @option{--edit-key} by forcing the creation of a key
|
||||
signature, even if one already exists.
|
||||
|
||||
@item --allow-secret-key-import
|
||||
@opindex allow-secret-key-import
|
||||
This is an obsolete option and is not used anywhere.
|
||||
|
@ -430,6 +430,7 @@ enum cmd_and_opt_values
|
||||
oUseOnlyOpenPGPCard,
|
||||
oIncludeKeyBlock,
|
||||
oNoIncludeKeyBlock,
|
||||
oForceSignKey,
|
||||
|
||||
oNoop
|
||||
};
|
||||
@ -838,6 +839,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
|
||||
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
|
||||
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
|
||||
ARGPARSE_s_n (oForceSignKey, "force-sign-key", "@"),
|
||||
|
||||
/* Aliases. I constantly mistype these, and assume other people do
|
||||
as well. */
|
||||
@ -2674,6 +2676,9 @@ main (int argc, char **argv)
|
||||
|
||||
case oAnswerYes: opt.answer_yes = 1; break;
|
||||
case oAnswerNo: opt.answer_no = 1; break;
|
||||
|
||||
case oForceSignKey: opt.flags.force_sign_key = 1; break;
|
||||
|
||||
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
|
||||
case oPrimaryKeyring:
|
||||
sl = append_to_strlist (&nrings, pargs.r.ret_str);
|
||||
|
@ -751,10 +751,11 @@ sign_uids (ctrl_t ctrl, estream_t fp,
|
||||
_("\"%s\" was already signed by key %s\n"),
|
||||
user, keystr_from_pk (pk));
|
||||
|
||||
if (opt.expert && !quick
|
||||
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
|
||||
_("Do you want to sign it "
|
||||
"again anyway? (y/N) ")))
|
||||
if (opt.flags.force_sign_key
|
||||
|| (opt.expert && !quick
|
||||
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
|
||||
_("Do you want to sign it "
|
||||
"again anyway? (y/N) "))))
|
||||
{
|
||||
/* Don't delete the old sig here since this is
|
||||
an --expert thing. */
|
||||
|
@ -241,6 +241,8 @@ struct
|
||||
/* Force the use of the OpenPGP card and do not allow the use of
|
||||
* another card. */
|
||||
unsigned int use_only_openpgp_card:1;
|
||||
/* Force signing keys even if a key signature already exists. */
|
||||
unsigned int force_sign_key:1;
|
||||
} flags;
|
||||
|
||||
/* Linked list of ways to find a key if the key isn't on the local
|
||||
|
Loading…
x
Reference in New Issue
Block a user