From fe02ef04500c1b35cd27132fb99ac1961f555193 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 11 Mar 2021 11:27:07 +0100 Subject: [PATCH] gpg: New option --force-sign-key * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key". (main): Set it. * g10/options.h (opt): New flag flags.force_sign_key. * g10/keyedit.c (sign_uids): Use new flag. -- GnuPG-bug-id: 4584 --- doc/gpg.texi | 29 ++++++++++++++++++++--------- g10/gpg.c | 6 +++++- g10/keyedit.c | 9 +++++---- g10/options.h | 2 ++ 4 files changed, 32 insertions(+), 14 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index b93b52cd7..f6107b815 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1123,7 +1123,9 @@ If a name is prefixed with a '=' a case sensitive exact match is done. The command @option{--quick-lsign-key} marks the signatures as non-exportable. If such a non-exportable signature already exists the -@option{--quick-sign-key} turns it into a exportable signature. +@option{--quick-sign-key} turns it into a exportable signature. If +you need to update an existing signature, for example to add or change +notation data, you need to use the option @option{--force-sign-key}. This command uses reasonable defaults and thus does not provide the full flexibility of the "sign" subcommand from @option{--edit-key}. @@ -1221,8 +1223,8 @@ encountered, you can explicitly stop parsing by using the special option @node GPG Configuration Options @subsection How to change the configuration -These options are used to change the configuration and are usually found -in the option file. +These options are used to change the configuration and most of them +are usually found in the option file. @table @gnupgtabopt @@ -1251,6 +1253,7 @@ one from the secret keyring or the one set with @option{--default-key}. @item --no-default-recipient @opindex no-default-recipient Reset @option{--default-recipient} and @option{--default-recipient-self}. +Should not be used in an option file. @item -v, --verbose @opindex verbose @@ -1259,11 +1262,11 @@ twice, the input data is listed in detail. @item --no-verbose @opindex no-verbose -Reset verbose level to 0. +Reset verbose level to 0. Should not be used in an option file. @item -q, --quiet @opindex quiet -Try to be as quiet as possible. +Try to be as quiet as possible. Should not be used in an option file. @item --batch @itemx --no-batch @@ -1275,11 +1278,11 @@ filename given on the command line, gpg might still need to read from STDIN (in particular if gpg figures that the input is a detached signature and no data file has been specified). Thus if you do not want to feed data via STDIN, you should connect STDIN to -g@file{/dev/null}. +@file{/dev/null}. It is highly recommended to use this option along with the options @option{--status-fd} and @option{--with-colons} for any unattended use of -@command{gpg}. +@command{gpg}. Should not be used in an option file. @item --no-tty @opindex no-tty @@ -1289,11 +1292,11 @@ warnings to the TTY even if @option{--batch} is used. @item --yes @opindex yes -Assume "yes" on most questions. +Assume "yes" on most questions. Should not be used in an option file. @item --no @opindex no -Assume "no" on most questions. +Assume "no" on most questions. Should not be used in an option file. @item --list-options @var{parameters} @@ -1571,6 +1574,7 @@ default (@option{--no-utf8-strings}) is to assume that arguments are encoded in the character set as specified by @option{--display-charset}. These options affect all following arguments. Both options may be used multiple times. +This option should not be used in an option file. This option has no effect on Windows. There the internal used UTF-8 encoding is translated for console input and output. The command line @@ -3563,6 +3567,13 @@ You need to consult the source code to learn the details. Note that the advanced key generation commands can always be used to specify a key algorithm directly. +@item --force-sign-key +@opindex force-sign-key +This option modifies the behaviour of the commands +@option{--quick-sign-key}, @option{--quick-lsign-key}, and the "sign" +sub-commands of @option{--edit-key} by forcing the creation of a key +signature, even if one already exists. + @item --allow-secret-key-import @opindex allow-secret-key-import This is an obsolete option and is not used anywhere. diff --git a/g10/gpg.c b/g10/gpg.c index c61f17188..a11ea12f9 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -435,6 +435,7 @@ enum cmd_and_opt_values oIncludeKeyBlock, oNoIncludeKeyBlock, oChUid, + oForceSignKey, oNoop }; @@ -886,7 +887,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"), ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"), ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), - + ARGPARSE_s_n (oForceSignKey, "force-sign-key", "@"), ARGPARSE_header (NULL, N_("Other options")), @@ -2778,6 +2779,9 @@ main (int argc, char **argv) case oAnswerYes: opt.answer_yes = 1; break; case oAnswerNo: opt.answer_no = 1; break; + + case oForceSignKey: opt.flags.force_sign_key = 1; break; + case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break; case oPrimaryKeyring: sl = append_to_strlist (&nrings, pargs.r.ret_str); diff --git a/g10/keyedit.c b/g10/keyedit.c index c8a127551..d07ec6526 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -751,10 +751,11 @@ sign_uids (ctrl_t ctrl, estream_t fp, _("\"%s\" was already signed by key %s\n"), user, keystr_from_pk (pk)); - if (opt.expert && !quick - && cpr_get_answer_is_yes ("sign_uid.dupe_okay", - _("Do you want to sign it " - "again anyway? (y/N) "))) + if (opt.flags.force_sign_key + || (opt.expert && !quick + && cpr_get_answer_is_yes ("sign_uid.dupe_okay", + _("Do you want to sign it " + "again anyway? (y/N) ")))) { /* Don't delete the old sig here since this is an --expert thing. */ diff --git a/g10/options.h b/g10/options.h index 61118314e..f502ace61 100644 --- a/g10/options.h +++ b/g10/options.h @@ -252,6 +252,8 @@ struct * another card. */ unsigned int use_only_openpgp_card:1; unsigned int full_timestrings:1; + /* Force signing keys even if a key signature already exists. */ + unsigned int force_sign_key:1; } flags; /* Linked list of ways to find a key if the key isn't on the local