commit:     f6f411563dd137bea17cfb312f9827da6f39ae9c
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 31 18:40:32 2025 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Fri Oct 31 20:24:43 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=f6f41156

gpkg: Make GPG stdout/stderr decoding error-tolerant

GnuPG stdout / stderr may contain unescaped binary data
in the 0x80..0xff range, making it invalid UTF-8.  Make decoding
error-tolerant, so that we don't crash upon it, in particular when
trying to display an error message.

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
Part-of: https://github.com/gentoo/portage/pull/1495
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 lib/portage/gpkg.py | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/portage/gpkg.py b/lib/portage/gpkg.py
index 53785c2711..990f2077dc 100644
--- a/lib/portage/gpkg.py
+++ b/lib/portage/gpkg.py
@@ -555,7 +555,11 @@ class checksum_helper:
                 trust_signature = True
 
         if (not good_signature) or (not trust_signature):
-            writemsg(colorize("BAD", f"!!!\n{self.gpg_result.decode()}"))
+            writemsg(
+                colorize(
+                    "BAD", f"!!!\n{self.gpg_result.decode('UTF-8', 
errors='replace')}"
+                )
+            )
             raise InvalidSignature("GPG verify failed")
 
     def update(self, data):
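Review bot: The text passed to `writemsg(colorize("BAD", ...))` can still carry control bytes from GnuPG, because `errors='replace'` only substitutes bytes that are invalid UTF-8. Bytes below 0x80, such as ESC, decode cleanly and are printed as they are. If this output can include text taken from a key or signature (not visible in this hunk), consider making non-printable characters visible before display. Separately, `self.gpg_result.decode('UTF-8', errors='backslashreplace')` would keep the offending byte values readable in the error message instead of collapsing them all to U+FFFD, which helps when diagnosing a failed verification. The enclosing method starts outside the hunk.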
@@ -593,11 +597,22 @@ class checksum_helper:
 
             if return_code == os.EX_OK:
                 if self.gpg_operation == checksum_helper.VERIFY:
-                    self._check_gpg_status(self.gpg_result.decode())
+                    self._check_gpg_status(
+                        self.gpg_result.decode("UTF-8", errors="replace")
+                    )
             else:
-                writemsg(colorize("BAD", f"!!!\n{self.gpg_result.decode()}"))
+                writemsg(
+                    colorize(
+                        "BAD",
+                        f"!!!\n{self.gpg_result.decode('UTF-8', 
errors='replace')}",
+                    )
+                )
                 if self.gpg_operation == checksum_helper.SIGNING:
-                    writemsg(colorize("BAD", self.gpg_output.decode()))
+                    writemsg(
+                        colorize(
+                            "BAD", self.gpg_output.decode("UTF-8", 
errors="replace")
+                        )
+                    )
                     raise GPGException("GPG signing failed")
                 elif self.gpg_operation == checksum_helper.VERIFY:
                     raise InvalidSignature("GPG verify failed")
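Review bot: The call `self._check_gpg_status(self.gpg_result.decode("UTF-8", errors="replace"))` now feeds lossy text into the code that decides signature validity, and nothing explains why that is acceptable. A short comment would do, e.g. `# errors="replace" only turns invalid bytes into U+FFFD; ASCII status keywords and newlines are unchanged`. This assumes `_check_gpg_status`, which is outside the hunk, matches only ASCII status tokens. The same decode expression also appears twice more in this hunk and once in the hunk at `-555`. A small private helper on `checksum_helper` would keep the decoding policy in one place, so the display and verification paths cannot drift apart.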
