From fc918a9bef1c7b449080cb064db7b1f3249d793d Mon Sep 17 00:00:00 2001
From: Thomas Gleixner
Date: Tue, 18 Feb 2020 21:40:36 +0100
Subject: [PATCH] remail/gpg: Use the lists private key for signing

Konstantin reported that outgoing mail from a mailing list is signed with the default private key found in the private keyring. That's caused by just handing boolen True into the 'sign' argument of gpg_encrypt() while the documentation clearly says:
sign (defaults to None) Either the Boolean value True, or the fingerprint of a key which is used to sign the encrypted data. If True is specified, the default key is used for signing. When not specified, the data is not signed.
Hand the list account fingerprint in if signing is enabled in the configuration.
Reported-by: Konstantin Ryabitsev
Signed-off-by: Thomas Gleixner
Tested-by: Konstantin Ryabitsev
Reviewed-by: Konstantin Ryabitsev
---
 remail/gpg.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/remail/gpg.py b/remail/gpg.py
index 35cbd42..442c413 100644
--- a/remail/gpg.py
+++ b/remail/gpg.py
@@ -89,9 +89,14 @@ class gpg_crypt(object):
 def do_encrypt(self, payload, fingerprints):
 ''' Common encryption helper'''

+ if self.config.sign:
+ signit = self.account.fingerprint
+ else:
+ signit = None
+
 enc = self.gpg.encrypt(payload, fingerprints, armor=self.config.armor,
 always_trust=self.config.always_trust,
- sign=self.config.sign)
+ sign=signit)
 if enc.ok:
 return str(enc)
 raise RemailGPGException('Encryption fail: %s' % enc.status)
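Review bot: With `self.config.sign` enabled, an empty or unset `self.account.fingerprint` leaves `signit` falsy in the new branch of `do_encrypt`. Going by the documentation quoted in the commit message, a falsy `sign` is expected to count as "not specified", so the payload would be encrypted but not signed while `enc.ok` still reports success. Where the account fingerprint is validated is not visible in this hunk, so if nothing upstream guarantees it, fail closed before the encrypt call: `if self.config.sign and not self.account.fingerprint: raise RemailGPGException('Signing enabled but no list fingerprint configured')`. A short comment above the branch, such as `# Pass the list key fingerprint; sign=True would select the keyring's default key`, would also keep a later cleanup from reverting to the boolean. The enclosing class starts outside the hunk.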