From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DF48015803E for ; Fri, 5 Jan 2024 10:52:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 38D552BC167; Fri, 5 Jan 2024 10:52:16 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DCCE42BC163 for ; Fri, 5 Jan 2024 10:52:15 +0000 (UTC) From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= Subject: [gentoo-dev] [PATCH 2/2] verify-sig.eclass: Accept 1-out-of-n sigs on multisig files Date: Fri, 5 Jan 2024 11:52:06 +0100 Message-ID: <20240105105206.233878-2-mgorny@gentoo.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240105105206.233878-1-mgorny@gentoo.org> References: <20240105105206.233878-1-mgorny@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 6c39d648-8bb7-416e-9190-2000f02a8965 X-Archives-Hash: f5b43c1f9ad17ba4017e16345beee45e If a distfile has multiple detached signatures, pass verification if at least one of them can be verified rather than requiring all of them. This is particularly helpful for upstreams where the whole set of release keys is hard to come by. Closes: https://bugs.gentoo.org/873211 Closes: https://github.com/gentoo/gentoo/pull/29224 Signed-off-by: Michał Górny --- eclass/verify-sig.eclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index 31e3cca09379..8b9e21b03e2f 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -160,7 +160,7 @@ verify-sig_verify_detached() { # https://bugs.gentoo.org/854492 local -x TMPDIR=/tmp gemato openpgp-verify-detached -K "${key}" \ - "${extra_args[@]}" \ + "${extra_args[@]}" --no-require-all-good \ "${sig}" "${file}" || die "PGP signature verification failed" ;; -- 2.43.0