1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: New option --force-sign-key

* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--

GnuPG-bug-id: 4584
This commit is contained in:
Werner Koch 2021-03-11 11:27:07 +01:00
parent f3e68e39da
commit 87d7b7e075
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 32 additions and 13 deletions

View File

@ -1114,7 +1114,9 @@ If a name is prefixed with a '=' a case sensitive exact match is done.
The command @option{--quick-lsign-key} marks the signatures as
non-exportable. If such a non-exportable signature already exists the
@option{--quick-sign-key} turns it into a exportable signature.
@option{--quick-sign-key} turns it into a exportable signature. If
you need to update an existing signature, for example to add or change
notation data, you need to use the option @option{--force-sign-key}.
This command uses reasonable defaults and thus does not provide the
full flexibility of the "sign" subcommand from @option{--edit-key}.
@ -1212,8 +1214,8 @@ encountered, you can explicitly stop parsing by using the special option
@node GPG Configuration Options
@subsection How to change the configuration
These options are used to change the configuration and are usually found
in the option file.
These options are used to change the configuration and most of them
are usually found in the option file.
@table @gnupgtabopt
@ -1242,6 +1244,7 @@ one from the secret keyring or the one set with @option{--default-key}.
@item --no-default-recipient
@opindex no-default-recipient
Reset @option{--default-recipient} and @option{--default-recipient-self}.
Should not be used in an option file.
@item -v, --verbose
@opindex verbose
@ -1250,11 +1253,11 @@ twice, the input data is listed in detail.
@item --no-verbose
@opindex no-verbose
Reset verbose level to 0.
Reset verbose level to 0. Should not be used in an option file.
@item -q, --quiet
@opindex quiet
Try to be as quiet as possible.
Try to be as quiet as possible. Should not be used in an option file.
@item --batch
@itemx --no-batch
@ -1266,11 +1269,11 @@ filename given on the command line, gpg might still need to read from
STDIN (in particular if gpg figures that the input is a
detached signature and no data file has been specified). Thus if you
do not want to feed data via STDIN, you should connect STDIN to
g@file{/dev/null}.
@file{/dev/null}.
It is highly recommended to use this option along with the options
@option{--status-fd} and @option{--with-colons} for any unattended use of
@command{gpg}.
@command{gpg}. Should not be used in an option file.
@item --no-tty
@opindex no-tty
@ -1280,11 +1283,11 @@ warnings to the TTY even if @option{--batch} is used.
@item --yes
@opindex yes
Assume "yes" on most questions.
Assume "yes" on most questions. Should not be used in an option file.
@item --no
@opindex no
Assume "no" on most questions.
Assume "no" on most questions. Should not be used in an option file.
@item --list-options @var{parameters}
@ -1565,6 +1568,7 @@ default (@option{--no-utf8-strings}) is to assume that arguments are
encoded in the character set as specified by
@option{--display-charset}. These options affect all following
arguments. Both options may be used multiple times.
This option should not be used in an option file.
@anchor{gpg-option --options}
@item --options @var{file}
@ -3469,6 +3473,13 @@ You need to consult the source code to learn the details. Note that
the advanced key generation commands can always be used to specify a
key algorithm directly.
@item --force-sign-key
@opindex force-sign-key
This option modifies the behaviour of the commands
@option{--quick-sign-key}, @option{--quick-lsign-key}, and the "sign"
sub-commands of @option{--edit-key} by forcing the creation of a key
signature, even if one already exists.
@item --allow-secret-key-import
@opindex allow-secret-key-import
This is an obsolete option and is not used anywhere.

View File

@ -430,6 +430,7 @@ enum cmd_and_opt_values
oUseOnlyOpenPGPCard,
oIncludeKeyBlock,
oNoIncludeKeyBlock,
oForceSignKey,
oNoop
};
@ -838,6 +839,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
ARGPARSE_s_n (oForceSignKey, "force-sign-key", "@"),
/* Aliases. I constantly mistype these, and assume other people do
as well. */
@ -2674,6 +2676,9 @@ main (int argc, char **argv)
case oAnswerYes: opt.answer_yes = 1; break;
case oAnswerNo: opt.answer_no = 1; break;
case oForceSignKey: opt.flags.force_sign_key = 1; break;
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oPrimaryKeyring:
sl = append_to_strlist (&nrings, pargs.r.ret_str);

View File

@ -751,10 +751,11 @@ sign_uids (ctrl_t ctrl, estream_t fp,
_("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk));
if (opt.expert && !quick
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it "
"again anyway? (y/N) ")))
if (opt.flags.force_sign_key
|| (opt.expert && !quick
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it "
"again anyway? (y/N) "))))
{
/* Don't delete the old sig here since this is
an --expert thing. */

View File

@ -241,6 +241,8 @@ struct
/* Force the use of the OpenPGP card and do not allow the use of
* another card. */
unsigned int use_only_openpgp_card:1;
/* Force signing keys even if a key signature already exists. */
unsigned int force_sign_key:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local