1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

gpg: New option --force-sign-key

* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--

GnuPG-bug-id: 4584
This commit is contained in:
Werner Koch 2021-03-11 11:27:07 +01:00
parent f3e68e39da
commit 87d7b7e075
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 32 additions and 13 deletions

View File

@ -1114,7 +1114,9 @@ If a name is prefixed with a '=' a case sensitive exact match is done.
The command @option{--quick-lsign-key} marks the signatures as The command @option{--quick-lsign-key} marks the signatures as
non-exportable. If such a non-exportable signature already exists the non-exportable. If such a non-exportable signature already exists the
@option{--quick-sign-key} turns it into a exportable signature. @option{--quick-sign-key} turns it into a exportable signature. If
you need to update an existing signature, for example to add or change
notation data, you need to use the option @option{--force-sign-key}.
This command uses reasonable defaults and thus does not provide the This command uses reasonable defaults and thus does not provide the
full flexibility of the "sign" subcommand from @option{--edit-key}. full flexibility of the "sign" subcommand from @option{--edit-key}.
@ -1212,8 +1214,8 @@ encountered, you can explicitly stop parsing by using the special option
@node GPG Configuration Options @node GPG Configuration Options
@subsection How to change the configuration @subsection How to change the configuration
These options are used to change the configuration and are usually found These options are used to change the configuration and most of them
in the option file. are usually found in the option file.
@table @gnupgtabopt @table @gnupgtabopt
@ -1242,6 +1244,7 @@ one from the secret keyring or the one set with @option{--default-key}.
@item --no-default-recipient @item --no-default-recipient
@opindex no-default-recipient @opindex no-default-recipient
Reset @option{--default-recipient} and @option{--default-recipient-self}. Reset @option{--default-recipient} and @option{--default-recipient-self}.
Should not be used in an option file.
@item -v, --verbose @item -v, --verbose
@opindex verbose @opindex verbose
@ -1250,11 +1253,11 @@ twice, the input data is listed in detail.
@item --no-verbose @item --no-verbose
@opindex no-verbose @opindex no-verbose
Reset verbose level to 0. Reset verbose level to 0. Should not be used in an option file.
@item -q, --quiet @item -q, --quiet
@opindex quiet @opindex quiet
Try to be as quiet as possible. Try to be as quiet as possible. Should not be used in an option file.
@item --batch @item --batch
@itemx --no-batch @itemx --no-batch
@ -1266,11 +1269,11 @@ filename given on the command line, gpg might still need to read from
STDIN (in particular if gpg figures that the input is a STDIN (in particular if gpg figures that the input is a
detached signature and no data file has been specified). Thus if you detached signature and no data file has been specified). Thus if you
do not want to feed data via STDIN, you should connect STDIN to do not want to feed data via STDIN, you should connect STDIN to
g@file{/dev/null}. @file{/dev/null}.
It is highly recommended to use this option along with the options It is highly recommended to use this option along with the options
@option{--status-fd} and @option{--with-colons} for any unattended use of @option{--status-fd} and @option{--with-colons} for any unattended use of
@command{gpg}. @command{gpg}. Should not be used in an option file.
@item --no-tty @item --no-tty
@opindex no-tty @opindex no-tty
@ -1280,11 +1283,11 @@ warnings to the TTY even if @option{--batch} is used.
@item --yes @item --yes
@opindex yes @opindex yes
Assume "yes" on most questions. Assume "yes" on most questions. Should not be used in an option file.
@item --no @item --no
@opindex no @opindex no
Assume "no" on most questions. Assume "no" on most questions. Should not be used in an option file.
@item --list-options @var{parameters} @item --list-options @var{parameters}
@ -1565,6 +1568,7 @@ default (@option{--no-utf8-strings}) is to assume that arguments are
encoded in the character set as specified by encoded in the character set as specified by
@option{--display-charset}. These options affect all following @option{--display-charset}. These options affect all following
arguments. Both options may be used multiple times. arguments. Both options may be used multiple times.
This option should not be used in an option file.
@anchor{gpg-option --options} @anchor{gpg-option --options}
@item --options @var{file} @item --options @var{file}
@ -3469,6 +3473,13 @@ You need to consult the source code to learn the details. Note that
the advanced key generation commands can always be used to specify a the advanced key generation commands can always be used to specify a
key algorithm directly. key algorithm directly.
@item --force-sign-key
@opindex force-sign-key
This option modifies the behaviour of the commands
@option{--quick-sign-key}, @option{--quick-lsign-key}, and the "sign"
sub-commands of @option{--edit-key} by forcing the creation of a key
signature, even if one already exists.
@item --allow-secret-key-import @item --allow-secret-key-import
@opindex allow-secret-key-import @opindex allow-secret-key-import
This is an obsolete option and is not used anywhere. This is an obsolete option and is not used anywhere.

View File

@ -430,6 +430,7 @@ enum cmd_and_opt_values
oUseOnlyOpenPGPCard, oUseOnlyOpenPGPCard,
oIncludeKeyBlock, oIncludeKeyBlock,
oNoIncludeKeyBlock, oNoIncludeKeyBlock,
oForceSignKey,
oNoop oNoop
}; };
@ -838,6 +839,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
ARGPARSE_s_n (oForceSignKey, "force-sign-key", "@"),
/* Aliases. I constantly mistype these, and assume other people do /* Aliases. I constantly mistype these, and assume other people do
as well. */ as well. */
@ -2674,6 +2676,9 @@ main (int argc, char **argv)
case oAnswerYes: opt.answer_yes = 1; break; case oAnswerYes: opt.answer_yes = 1; break;
case oAnswerNo: opt.answer_no = 1; break; case oAnswerNo: opt.answer_no = 1; break;
case oForceSignKey: opt.flags.force_sign_key = 1; break;
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oPrimaryKeyring: case oPrimaryKeyring:
sl = append_to_strlist (&nrings, pargs.r.ret_str); sl = append_to_strlist (&nrings, pargs.r.ret_str);

View File

@ -751,10 +751,11 @@ sign_uids (ctrl_t ctrl, estream_t fp,
_("\"%s\" was already signed by key %s\n"), _("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk)); user, keystr_from_pk (pk));
if (opt.expert && !quick if (opt.flags.force_sign_key
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay", || (opt.expert && !quick
_("Do you want to sign it " && cpr_get_answer_is_yes ("sign_uid.dupe_okay",
"again anyway? (y/N) "))) _("Do you want to sign it "
"again anyway? (y/N) "))))
{ {
/* Don't delete the old sig here since this is /* Don't delete the old sig here since this is
an --expert thing. */ an --expert thing. */

View File

@ -241,6 +241,8 @@ struct
/* Force the use of the OpenPGP card and do not allow the use of /* Force the use of the OpenPGP card and do not allow the use of
* another card. */ * another card. */
unsigned int use_only_openpgp_card:1; unsigned int use_only_openpgp_card:1;
/* Force signing keys even if a key signature already exists. */
unsigned int force_sign_key:1;
} flags; } flags;
/* Linked list of ways to find a key if the key isn't on the local /* Linked list of ways to find a key if the key isn't on the local