• [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on m

    From Michał Górny@21:1/5 to All on Sun Jan 29 14:10:01 2023
    If a distfile has multiple detached signatures, pass verification
    if at least one of them can be verified rather than requiring all
    of them. This is particularly helpful for upstreams where the whole
    set of release keys is hard to come by.

    Closes: https://bugs.gentoo.org/873211
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
    ---
    eclass/verify-sig.eclass | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)

    diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
    index 95e8b357893a..2c8311db49f9 100644
    --- a/eclass/verify-sig.eclass
    +++ b/eclass/verify-sig.eclass
    @@ -146,7 +146,7 @@ verify-sig_verify_detached() {
    # https://bugs.gentoo.org/854492
    local -x TMPDIR=/tmp
    gemato openpgp-verify-detached -K "${key}" \
    - "${extra_args[@]}" \
    + "${extra_args[@]}" --no-require-all-good \
    "${sig}" "${file}" ||
    die "PGP signature verification failed"
    ;;
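
    Review bot: `--no-require-all-good` on the `gemato openpgp-verify-detached` line is passed unconditionally, so every ebuild that reaches this branch of verify-sig_verify_detached() moves from "all signatures good" to "one signature good", not only the ones whose upstream release keys are hard to collect. Consider gating the flag behind an opt-in eclass variable that the affected ebuilds set, so packages shipping a complete keyring in `${key}` keep the strict check. The commit message should also say whether the flag tolerates only signatures whose key is absent from `${key}`, or also signatures that fail to verify against a key that is present.
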
    --
    2.39.1

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michał Górny@21:1/5 to All on Fri Jan 5 12:00:01 2024
    If a distfile has multiple detached signatures, pass verification
    if at least one of them can be verified rather than requiring all
    of them. This is particularly helpful for upstreams where the whole
    set of release keys is hard to come by.

    Closes: https://bugs.gentoo.org/873211
    Closes: https://github.com/gentoo/gentoo/pull/29224
    Signed-off-by: Michał Górny <mgorny@gentoo.org>
    ---
    eclass/verify-sig.eclass | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)

    diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
    index 31e3cca09379..8b9e21b03e2f 100644
    --- a/eclass/verify-sig.eclass
    +++ b/eclass/verify-sig.eclass
    @@ -160,7 +160,7 @@ verify-sig_verify_detached() {
    # https://bugs.gentoo.org/854492
    local -x TMPDIR=/tmp
    gemato openpgp-verify-detached -K "${key}" \
    - "${extra_args[@]}" \
    + "${extra_args[@]}" --no-require-all-good \
    "${sig}" "${file}" ||
    die "PGP signature verification failed"
    ;;
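
    Review bot: The diffstat is a single changed line, so the relaxed policy on the `gemato` call is not documented anywhere in the eclass itself; nothing in the file tells an ebuild author that one good detached signature is now sufficient. Please add a sentence to the documentation comment of verify-sig_verify_detached() stating the 1-out-of-n behaviour, and consider rewording the unchanged `die "PGP signature verification failed"` so that a failure reads as "no signature could be verified" rather than implying that a single signature was checked.
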
    --
    2.43.0
