This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=3ba0bd72d906c4bc56b7b86e63bc20198eababb1 commit 3ba0bd72d906c4bc56b7b86e63bc20198eababb1 (HEAD -> main) Author: Guillem Jover <[email protected]> AuthorDate: Wed May 21 09:56:07 2025 +0200 Dpkg::OpenPGP::Backend::Sequoia: Run sq in stateless mode for verification For verification and for every other OpenPGP command we always run in stateless mode, by for example creating a temporary home directory to avoid the tools (such as GnuPG), to use any implicit keyrings that we have not explicitly passed. But for sq we have not been doing that, which changes this specific backend command semantics compared to the others. Explicitly pass «--home=none» to enable stateless mode. Suggested-by: Neal H. Walfield <[email protected]> Stable-Candidate: 1.22.x --- scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm index 09b3ec88b..32298d7d2 100644 --- a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm +++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm @@ -130,6 +130,8 @@ sub inline_verify my $keyring_opt = $self->{cmdv} ? '--keyring' : '--signer-file'; my @opts; + # Select stateless mode for sq. + push @opts, '--home=none' unless $self->{cmdv}; push @opts, '--cleartext'; push @opts, map { ($keyring_opt, $_) } @certs; my $tmpdir; @@ -172,6 +174,8 @@ sub verify my $keyring_opt = $self->{cmdv} ? '--keyring' : '--signer-file'; my @opts; + # Select stateless mode for sq. + push @opts, '--home=none' unless $self->{cmdv}; push @opts, map { ($keyring_opt, $_) } @certs; push @opts, '--signature-file', $sig; -- Dpkg.Org's dpkg
