[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on multisig files
From:       Michał Górny <mgorny () gentoo ! org>
Date:       2023-01-29 13:03:35
Message-ID: 20230129130335.3463-2-mgorny () gentoo ! org
[Download RAW message or body]

If a distfile has multiple detached signatures, pass verification
if at least one of them can be verified rather than requiring all
of them.  This is particularly helpful for upstreams where the whole
set of release keys is hard to come by.

Closes: https://bugs.gentoo.org/873211
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 eclass/verify-sig.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index 95e8b357893a..2c8311db49f9 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -146,7 +146,7 @@ verify-sig_verify_detached() {
 			# https://bugs.gentoo.org/854492
 			local -x TMPDIR=/tmp
 			gemato openpgp-verify-detached -K "${key}" \
-				"${extra_args[@]}" \
+				"${extra_args[@]}" --no-require-all-good \
 				"${sig}" "${file}" ||
 				die "PGP signature verification failed"
 			;;
-- 
2.39.1


[prev in list] [next in list] [prev in thread] [next in thread]