gpg: Add new option --only-sign-text-ids.
authorNeal H. Walfield <neal@g10code.com>
Fri, 6 Nov 2015 12:14:57 +0000 (13:14 +0100)
committerNeal H. Walfield <neal@g10code.com>
Fri, 6 Nov 2015 12:16:37 +0000 (13:16 +0100)
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702

doc/gpg.texi
g10/gpg.c
g10/keyedit.c
g10/options.h

index 246b441..dcef495 100644 (file)
@@ -650,6 +650,10 @@ and "t" (for trust) may be freely mixed and prefixed to "sign" to
 create a signature of any type desired.
 @c man:.RE
 
+If the option @option{--only-sign-text-ids} is specified, then any
+non-text based user ids (e.g., photo IDs) will not be selected for
+signing.
+
 @table @asis
 
   @item delsig
index b15be91..e47b7f5 100644 (file)
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -392,6 +392,7 @@ enum cmd_and_opt_values
     oTOFUDBFormat,
     oWeakDigest,
     oUnwrap,
+    oOnlySignTextIDs,
 
     oNoop
   };
@@ -755,6 +756,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
   ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
+  ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
 
   /* Aliases.  I constantly mistype these, and assume other people do
      as well. */
@@ -3308,6 +3310,9 @@ main (int argc, char **argv)
           case oUnwrap:
             opt.unwrap_encryption = 1;
             break;
+          case oOnlySignTextIDs:
+            opt.only_sign_text_ids = 1;
+            break;
 
           case oDisplay:
             set_opt_session_env ("DISPLAY", pargs.r.ret_str);
index afa6f85..16b0cec 100644 (file)
@@ -1,6 +1,7 @@
 /* keyedit.c - Edit properties of a key
  * Copyright (C) 1998-2010 Free Software Foundation, Inc.
  * Copyright (C) 1998-2015 Werner Koch
+ * Copyright (C) 2015 g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
@@ -614,7 +615,16 @@ sign_uids (ctrl_t ctrl, estream_t fp,
                   user = utf8_to_native (uidnode->pkt->pkt.user_id->name,
                                          uidnode->pkt->pkt.user_id->len, 0);
 
-                 if (uidnode->pkt->pkt.user_id->is_revoked)
+                  if (opt.only_sign_text_ids
+                      && uidnode->pkt->pkt.user_id->attribs)
+                    {
+                      tty_fprintf (fp, _("Skipping User ID \"%s\","
+                                         " which is not a text ID.\n"),
+                                   user);
+                      uidnode->flag &= ~NODFLG_MARK_A;
+                      uidnode = NULL;
+                    }
+                 else if (uidnode->pkt->pkt.user_id->is_revoked)
                    {
                      tty_fprintf (fp, _("User ID \"%s\" is revoked."), user);
 
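Review bot: The added branch in sign_uids clears `NODFLG_MARK_A` on every marked user ID whose `attribs` is set, which appears to include a photo ID the user selected explicitly, whereas the commit message only speaks of not selecting such IDs automatically. The code that sets the mark is outside this hunk, so this is inferred and should be confirmed against the start of the function. If refusing explicit selections is intended, a comment above the check would make that clear, for example `/* With --only-sign-text-ids, never certify attribute user IDs (e.g. photo IDs), even when explicitly selected. */`. Otherwise the check needs to distinguish the select-all case from an explicit selection.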
@@ -1742,21 +1752,31 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
                  }
              }
 
-           if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock)
-               && !cpr_get_answer_is_yes ("keyedit.sign_all.okay",
-                                          _("Really sign all user IDs?"
-                                            " (y/N) ")))
-             {
-               if (opt.interactive)
-                 interactive = 1;
-               else
-                 {
-                   tty_printf (_("Hint: Select the user IDs to sign\n"));
-                   have_commands = 0;
-                   break;
-                 }
-
-             }
+           if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock))
+              {
+                int result;
+                if (opt.only_sign_text_ids)
+                  result = cpr_get_answer_is_yes
+                    ("keyedit.sign_all.okay",
+                     _("Really sign all user IDs? (y/N) "));
+                else
+                  result = cpr_get_answer_is_yes
+                    ("keyedit.sign_all.okay",
+                     _("Really sign all text user IDs? (y/N) "));
+
+                if (! result)
+                  {
+                    if (opt.interactive)
+                      interactive = 1;
+                    else
+                      {
+                        tty_printf (_("Hint: Select the user IDs to sign\n"));
+                        have_commands = 0;
+                        break;
+                      }
+
+                  }
+              }
            /* What sort of signing are we doing? */
            if (!parse_sign_type
                (answer, &localsig, &nonrevokesig, &trustsig))
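Review bot: The two confirmation prompts in the new `if (opt.only_sign_text_ids)` block of keyedit_menu are swapped. With the option set the user is asked "Really sign all user IDs?", and without it "Really sign all text user IDs?", which is the opposite of what sign_uids does with the same flag. The prompt therefore misstates which user IDs are about to be certified, and a user without the option may believe photo IDs are excluded when they are not. Inverting the test to `if (!opt.only_sign_text_ids)` or exchanging the two strings fixes it. keyedit_menu starts and ends outside this hunk.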
index c8541b2..68f5d39 100644 (file)
@@ -264,6 +264,7 @@ struct
   int pinentry_mode;
 
   int unwrap_encryption;
+  int only_sign_text_ids;
 } opt;
 
 /* CTRL is used to keep some global variables we currently can't