This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=82234f656201678fc2d6ff0d77ae02d42fe1ef33 commit 82234f656201678fc2d6ff0d77ae02d42fe1ef33 Author: Guillem Jover <guil...@debian.org> AuthorDate: Sat Dec 23 01:30:14 2023 +0100 Dpkg::OpenPGP::Backend::GnuPG: Accept keybox format keyrings as-is Do not try to dearmor keyrings in keybox-format, as that is not proper OpenPGP data. --- scripts/Dpkg/OpenPGP/Backend/GnuPG.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm index 7b108dd14..942b88acf 100644 --- a/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm +++ b/scripts/Dpkg/OpenPGP/Backend/GnuPG.pm @@ -245,7 +245,10 @@ sub _gpg_verify { # XXX: The internal dearmor() does not handle concatenated ASCII Armor, # but the old implementation handled such certificate keyrings, so to # avoid regressing for now, we fallback to use the GnuPG dearmor. - if (defined $self->{cmd}) { + if ($cert =~ m{\.kbx$}) { + # Accept GnuPG apparent keybox-format keyrings as-is. + $rc = 1; + } elsif (defined $self->{cmd}) { $rc = $self->_gpg_exec($self->{cmd}, @cmd_opts, '--yes', '--output', $certring, '--dearmor', $cert); -- Dpkg.Org's dpkg