This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6efc85c783b7a1b3aa4f18bb3a9be5faa2989dea

commit 6efc85c783b7a1b3aa4f18bb3a9be5faa2989dea
Author: Guillem Jover <[email protected]>
AuthorDate: Wed May 21 09:50:56 2025 +0200

    Dpkg::OpenPGP::Backend::Sequoia: Do not run sq/sqv to verify with no keyrings
    
    Both sq and sqv expect a keyring to be able to verify the
    signatures, and produce rather confusing and alarming diagnostics,
    which by default are emitted as warnings.
    
    In case we have no keyrings to pass (because they are not present on
    disk for example), skip the commands invocation, and return an error
    to the effect that no valid signatures could be found. In the future
    we should instead print the keyrings that we are using and the ones we
    are skipping, and print a specific error message for this condition,
    to make the error condition more clear, but for now this is the minimal
    change that gives a less confusing UI.
    
    Closes: #1106148
    Stable-Candidate: 1.22.x
---
 scripts/Dpkg/OpenPGP/Backend/Sequoia.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm 
b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
index 2d50b0921..09b3ec88b 100644
--- a/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
+++ b/scripts/Dpkg/OpenPGP/Backend/Sequoia.pm
@@ -123,6 +123,7 @@ sub inline_verify
     my ($self, $inlinesigned, $data, @certs) = @_;
 
     return OPENPGP_MISSING_CMD unless ($self->{cmdv} || $self->{cmd});
+    return OPENPGP_NO_SIG if @certs == 0;
 
     # XXX: sqv does not support --signer-file. See:
     #   <https://gitlab.com/sequoia-pgp/sequoia-sqv/-/issues/11>.
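Review bot: The new `return OPENPGP_NO_SIG if @certs == 0;` in inline_verify reports an empty keyring list with the same code as "no valid signature found", so a caller cannot tell a missing-keyring setup problem from a file that really lacks a good signature. The result is still fail-closed, which is the safe direction, but the line has no comment saying the reuse is deliberate. Suggest a short comment above it noting that sq/sqv are skipped because they need at least one keyring and that OPENPGP_NO_SIG is a stand-in until a dedicated error exists, as the commit message already plans. Placing the check after the OPENPGP_MISSING_CMD test means a host with neither the commands nor keyrings reports the missing command first; if that ordering is intended, the comment is a good place to say so.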
@@ -164,6 +165,7 @@ sub verify
     my ($self, $data, $sig, @certs) = @_;
 
     return OPENPGP_MISSING_CMD unless ($self->{cmdv} || $self->{cmd});
+    return OPENPGP_NO_SIG if @certs == 0;
 
     # XXX: sqv does not support --signer-file. See:
     #   <https://gitlab.com/sequoia-pgp/sequoia-sqv/-/issues/11>.
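Review bot: The guard added at the top of verify is a verbatim copy of the one in inline_verify, and the diffstat shows only Sequoia.pm changing, so nothing exercises the new early return. Suggest a test that calls both verify and inline_verify with an empty @certs list and asserts that OPENPGP_NO_SIG comes back without sq or sqv being run, so a later refactor cannot quietly drop the check in one of the two subs. If more entry points gain the same precondition, a small shared helper would keep the copies from drifting apart.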

-- 
Dpkg.Org's dpkg
