commit: 89c2617afbfe6250ee7dfd4ee4641c8f74c54004 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Mon Jan 23 08:23:18 2023 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Sun Feb 12 15:13:56 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89c2617a
verify-sig.eclass: Accept 1-out-of-n sigs on multisig files If a distfile has multiple detached signatures, pass verification if at least one of them can be verified rather than requiring all of them. This is particularly helpful for upstreams where the whole set of release keys is hard to come by. Closes: https://bugs.gentoo.org/873211 Closes: https://github.com/gentoo/gentoo/pull/29224 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> eclass/verify-sig.eclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index a071139daa17..a7d6d26ed432 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -146,7 +146,7 @@ verify-sig_verify_detached() { # https://bugs.gentoo.org/854492 local -x TMPDIR=/tmp gemato openpgp-verify-detached -K "${key}" \ - "${extra_args[@]}" \ + "${extra_args[@]}" --no-require-all-good \ "${sig}" "${file}" || die "PGP signature verification failed" ;;
