[dpkg] 14/15: Dpkg::Source::Package: Print the keyrings used during verification

Tue, 05 Aug 2025 11:02:47 -0700 

This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=cda8e156554137a4a48225c5e8d102c24d725457

commit cda8e156554137a4a48225c5e8d102c24d725457
Author: Guillem Jover <[email protected]>
AuthorDate: Sat May 24 04:59:49 2025 +0200

    Dpkg::Source::Package: Print the keyrings used during verification
    
    To help trace what is being checked against, print the keyrings being
    used and the ones being skipped when they are absent from disk.
    
    Stop listing the vendor keyrings in the dpkg-source(1) man page, as that
    was only covering the Debian ones, while each vendor has their own list.
    This should not be a problem anymore now that we print the keyrings that
    we expect to use, and the ones that are absent from disk.
    
    Closes: #703364
---
 man/dpkg-source.pod            | 8 +++-----
 scripts/Dpkg/Source/Package.pm | 3 +++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/man/dpkg-source.pod b/man/dpkg-source.pod
index 72ff62555..42699eff3 100644
--- a/man/dpkg-source.pod
+++ b/man/dpkg-source.pod
@@ -319,11 +319,9 @@ Do not overwrite the extraction directory if it already 
exists
 
 Refuse to unpack the source package if it doesn't contain an OpenPGP
 signature that can be verified (since dpkg 1.15.0) either with the user's
-I<trustedkeys.gpg> keyring, one of the vendor-specific keyrings, or one
-of the official Debian keyrings
-(I</usr/share/keyrings/debian-keyring.gpg>,
-I</usr/share/keyrings/debian-nonupload.gpg> and
-I</usr/share/keyrings/debian-maintainers.gpg>).
+I<trustedkeys.gpg> keyring, or
+one of the vendor-specific keyrings,
+including any parent vendor keyrings if relevant.
 
 =item B<--require-strong-checksums>
 
diff --git a/scripts/Dpkg/Source/Package.pm b/scripts/Dpkg/Source/Package.pm
index 33e6501b1..8d2edd98d 100644
--- a/scripts/Dpkg/Source/Package.pm
+++ b/scripts/Dpkg/Source/Package.pm
@@ -532,6 +532,9 @@ sub check_signature {
     foreach my $vendor_keyring (run_vendor_hook('package-keyrings')) {
         if (-r $vendor_keyring) {
             push @certs, $vendor_keyring;
+            info(g_('using keyring %s'), $vendor_keyring);
+        } else {
+            info(g_('skipping absent keyring %s'), $vendor_keyring);
         }
     }
 

-- 
Dpkg.Org's dpkg

Reply via email to