1 |
If a distfile has multiple detached signatures, pass verification |
2 |
if at least one of them can be verified rather than requiring all |
3 |
of them. This is particularly helpful for upstreams where the whole |
4 |
set of release keys is hard to come by. |
5 |
|
6 |
Closes: https://bugs.gentoo.org/873211 |
7 |
Signed-off-by: Michał Górny <mgorny@g.o> |
8 |
--- |
9 |
eclass/verify-sig.eclass | 2 +- |
10 |
1 file changed, 1 insertion(+), 1 deletion(-) |
11 |
|
12 |
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass |
13 |
index 95e8b357893a..2c8311db49f9 100644 |
14 |
--- a/eclass/verify-sig.eclass |
15 |
+++ b/eclass/verify-sig.eclass |
16 |
@@ -146,7 +146,7 @@ verify-sig_verify_detached() { |
17 |
# https://bugs.gentoo.org/854492 |
18 |
local -x TMPDIR=/tmp |
19 |
gemato openpgp-verify-detached -K "${key}" \ |
20 |
- "${extra_args[@]}" \ |
21 |
+ "${extra_args[@]}" --no-require-all-good \ |
22 |
"${sig}" "${file}" || |
23 |
die "PGP signature verification failed" |
24 |
;; |
25 |
-- |
26 |
2.39.1 |