From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D7DEE158128 for ; Tue, 17 Jun 2025 03:01:05 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id C0AF63426B4 for ; Tue, 17 Jun 2025 03:01:05 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 94E8F11050C; Tue, 17 Jun 2025 03:00:52 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id 84E3A1104F9 for ; Tue, 17 Jun 2025 03:00:52 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3739234269C for ; Tue, 17 Jun 2025 03:00:52 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 7D02529EA for ; Tue, 17 Jun 2025 03:00:49 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1750129240.9ef0d98aa9ca383b42e35c0b2364f9aa10c4aee0.sam@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: bin/ X-VCS-Repository: proj/portage X-VCS-Files: bin/emerge-webrsync X-VCS-Directories: bin/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 9ef0d98aa9ca383b42e35c0b2364f9aa10c4aee0 X-VCS-Branch: master Date: Tue, 17 Jun 2025 03:00:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: b342f75f-db28-44fc-b262-6aa84f417bf3 X-Archives-Hash: d831515cfda19d779f9be14e473e0edb commit: 9ef0d98aa9ca383b42e35c0b2364f9aa10c4aee0 Author: Kerin Millar plushkava net> AuthorDate: Mon Jun 16 12:09:48 2025 +0000 Commit: Sam James gentoo org> CommitDate: Tue Jun 17 03:00:40 2025 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=9ef0d98a emerge-webrsync: don't specify the --no-default-keyring option Presently, both the check_file_signature_gpg_unwrapped() and gpg_verify() functions specify the --no-default-keyring option in the course of executing gpg(1). However, its manual states that a keyring is needed for almost all operations. Further, "if you use this option and do not provide alternate keyrings via --keyring, then GnuPG will still use the default keyring." Signed-off-by: Kerin Millar plushkava.net> Signed-off-by: Sam James gentoo.org> bin/emerge-webrsync | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync index d15cbed310..d73361e6ce 100755 --- a/bin/emerge-webrsync +++ b/bin/emerge-webrsync @@ -306,7 +306,7 @@ check_file_signature_gpg_unwrapped() { # ephemeral keyring into which Gentoo's distributed # public key block shall be imported. GNUPGHOME=$(mktemp -d -- "${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \ - && gpg --no-default-keyring --batch --import "${key}" \ + && gpg --batch --import "${key}" \ || exit elif [[ ! -w ${GNUPGHOME} ]]; then die "gpgdir is not writable: ${GNUPGHOME}" @@ -328,7 +328,7 @@ gpg_verify() { local output token # https://www.gnupg.org/documentation/manuals/gnupg/Automated-signature-checking.html - output=$(gpg --no-default-keyring --batch --status-fd 1 --verify "${signature}" "${file}") || return + output=$(gpg --batch --status-fd 1 --verify "${signature}" "${file}") || return for token in GOODSIG VALIDSIG TRUST_ULTIMATE; do [[ $'\n'${output} == *$'\n[GNUPG:] '"${token} "* ]] || return done