gpg: New option --override-compliance-check
* g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): new. Turn error into a warning in override mode.
There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode. This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.
Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
- GnuPG-bug-id: T5655