| Message ID | 20211007165551.2312946-1-keescook@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | validate: Use patatt's configured keyring as fallback | expand |
On Thu, 7 Oct 2021 09:55:51 -0700, Kees Cook wrote: > If b4 doesn't have an explicit keyringsrc configured, attempt to fetch > it from patatt configuration instead. This avoids some very confusing > situations where patatt would validate and b4 would reject. (I had an > expired pubkey in my gpg default keyring, but the same pubkey had an > updated expiration date in patatt's keyring.) > > > [...] Applied, thanks! [1/1] validate: Use patatt's configured keyring as fallback commit: 3847a92a365a96270ab0de6111f349e98379f930 Best regards,
diff --git a/b4/__init__.py b/b4/__init__.py index 47272bb4bdd7..a895e3a6f4d0 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -1117,7 +1117,11 @@ class LoreMessage: config = get_main_config() sources = config.get('keyringsrc') if not sources: - sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] + # fallback to patatt's keyring if none is specified for b4 + patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc']) + sources = patatt_config.get('keyringsrc') + if not sources: + sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] if pdir not in sources: sources.append(pdir)
If b4 doesn't have an explicit keyringsrc configured, attempt to fetch it from patatt configuration instead. This avoids some very confusing situations where patatt would validate and b4 would reject. (I had an expired pubkey in my gpg default keyring, but the same pubkey had an updated expiration date in patatt's keyring.) Signed-off-by: Kees Cook <keescook@chromium.org> --- b4/__init__.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)