commit: 9e805b91378ae1f98d36491856cbab73ca6cd841
Author: Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 22 16:40:06 2025 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Wed Oct 22 16:40:06 2025 +0000
URL: https://gitweb.gentoo.org/proj/gemato.git/commit/?id=9e805b91
Revert "openpgp: Explicitly reject keys with no valid self-sigs"
FreePG has been fixed. Let's revert the change for now, since the code
is quite messy. We can reapply if Sequoia needs something similar.
Reverts: 17c9c9c8b96f60115d1ad12232ac89f80b2e38b3
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
gemato/openpgp.py | 34 ++++++----------------------------
1 file changed, 6 insertions(+), 28 deletions(-)
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index cb42a83..f148765 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -155,7 +155,6 @@ class SystemGPGEnvironment:
prev_pub = None
fpr = None
ret = {}
- invalid = set()
for line in out.splitlines():
# were we expecting a fingerprint?
@@ -182,15 +181,7 @@ class SystemGPGEnvironment:
if fpr is None:
raise OpenPGPKeyListingError(
f'UID without key in GPG output: {line}')
- uid_split = line.split(b":", 10)
- uid = uid_split[9]
- # no creation date means missing/broken self-sig
- if not uid_split[5]:
- LOGGER.debug(
- f"list_keys(): rejecting key with missing self-sig: "
- f"{fpr=}, {uid=!r}")
- invalid.add(fpr)
- continue
+ uid = line.split(b':')[9]
_, addr = email.utils.parseaddr(
uid.decode('utf8', errors='replace'))
if '@' in addr:
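Review bot: `uid = line.split(b':')[9]` indexes the tenth field without checking that the record has one, so a short `uid` line from the backend would surface as a bare `IndexError` rather than the `OpenPGPKeyListingError` raised just above for the other malformed-listing case. A small guard covers it: `fields = line.split(b':')`, then `if len(fields) < 10: raise OpenPGPKeyListingError(f'Malformed UID record in GPG output: {line}')`, then `uid = fields[9]`. With the creation-date test gone, whether a UID lacking a valid self-signature has its address parsed here (and presumably added to the result) depends entirely on the installed gpg implementation. That is worth a comment on this line, e.g. `# relies on the backend not listing UIDs without a valid self-sig`. The enclosing method starts and ends outside this hunk.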
@@ -201,11 +192,6 @@ class SystemGPGEnvironment:
f'list_keys(): ignoring UID without mail: '
f'{uid!r}')
- # reject keys that have invalid/missing self-sigs
- # to make FreePG match GnuPG behavior
- for fpr in invalid:
- del ret[fpr]
-
return ret
def refresh_keys(self, allow_wkd=True, keyserver=None):
@@ -559,21 +545,13 @@ debug-level guru
keyfile.read(),
raise_on_error=OpenPGPKeyImportError)
- fprs = set()
- for line in out.splitlines():
- if line.startswith(b"[GNUPG:] IMPORT_OK"):
- fprs.add(line.split(b" ")[3].decode("ASCII"))
-
- imported = self.list_keys(list(fprs))
- missing = fprs - set(imported)
- if missing:
- raise OpenPGPKeyImportError(
- "Import succeeded but no valid key for fingerprints: "
- f"{missing}"
- )
-
if trust:
+ fprs = set()
+ for line in out.splitlines():
+ if line.startswith(b'[GNUPG:] IMPORT_OK'):
+ fprs.add(line.split(b' ')[3].decode('ASCII'))
self._trusted_keys.update(fprs)
+
ownertrust = ''.join(f'{fpr}:6:\n' for fpr in fprs).encode('utf8')
exitst, out, err = self._spawn_gpg(
[GNUPG, '--batch', '--import-ownertrust'],
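Review bot: With `trust` set, every fingerprint taken from an `IMPORT_OK` status line goes straight into `self._trusted_keys` and into the `:6:` ownertrust input. The removed `list_keys()` cross-check was the only step in this path that confirmed the imported key is actually listed as valid. The trust decision therefore depends on the gpg backend refusing keys without a valid self-signature, which the commit message says FreePG now does but which the code neither enforces nor records. I would add a comment above `if trust:` such as `# NOTE: IMPORT_OK fingerprints are trusted as reported; assumes the backend rejects keys without a valid self-sig`, and, if the test suite has a fixture for such a key, keep a test asserting that the import fails. The enclosing method starts before and continues after this hunk.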