commit: 014a26bb2e7e746cbd4a474a3d84075132b6c916 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Mon Feb 13 19:26:19 2023 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Mon Feb 13 19:27:35 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=014a26bb
verify-sig.eclass: Revert "Use gemato openpgp-verify-detached" This is causing verification failures when verifying old signatures made with now-expired keys. Reverts: 75ea89a43b8d3efb6b264296f819d04d3c18c3af Bug: https://bugs.gentoo.org/894164 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> eclass/verify-sig.eclass | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass index a071139daa17..91433bf53453 100644 --- a/eclass/verify-sig.eclass +++ b/eclass/verify-sig.eclass @@ -65,9 +65,8 @@ case ${VERIFY_SIG_METHOD} in BDEPEND=" verify-sig? ( app-crypt/gnupg - >=app-portage/gemato-18.0 - ) - " + >=app-portage/gemato-16 + )" ;; signify) BDEPEND="verify-sig? ( app-crypt/signify )" @@ -145,9 +144,8 @@ verify-sig_verify_detached() { # gpg can't handle very long TMPDIR # https://bugs.gentoo.org/854492 local -x TMPDIR=/tmp - gemato openpgp-verify-detached -K "${key}" \ - "${extra_args[@]}" \ - "${sig}" "${file}" || + gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \ + gpg --verify "${sig}" "${file}" || die "PGP signature verification failed" ;; signify)
