commit:     7a595efeca701c1ad2dbd198b867ffcebb9bc505
Author:     Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Wed Jun 18 18:18:44 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 18 20:01:01 2025 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=7a595efe

emerge-webrsync: show a diagnostic if the key fingerprint can't be found

Presently, the check_file_signature_gpg() function will create an
ephemeral keyring in the case that the 'PORTAGE_GPG_DIR' variable is
unset or empty. It then proceeds to import Gentoo's public key block
from "gentoo-release.asc" and search for the fingerprint of the
<infrastructure <AT> gentoo.org> key before designating the key as being
ultimately trusted.

However, should that search find nothing, the program will exit without
explaining what went wrong. Address this issue by invoking die() in the
case that the search fails. The resulting diagnostic is depicted below.

 * Checking signature ...
emerge-webrsync: couldn't find a fingerprint for the <infrastructure <AT> 
gentoo.org> key

See-also: 2fa73d4e9f789db6cc8f261deea7f3d06f2fd4bb
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/emerge-webrsync | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 4032311301..9fe21e916c 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -305,9 +305,14 @@ check_file_signature_gpg() (
                GNUPGHOME=$(mktemp -d -- 
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
                && trap 'gpgconf -K pgp-agent' EXIT \
                && gpg --batch --import "${key}" \
-               && fingerprint=$(gpg_fingerprint '<[email protected]>') 
\
-               && gpg --batch --import-ownertrust <<<"${fingerprint}:6:" \
                || exit
+
+               # Obtain the fingerprint of the applicable signing key.
+               fingerprint=$(gpg_fingerprint '<[email protected]>') \
+               || die "couldn't find a fingerprint for the 
<[email protected]> key"
+
+               # Designate the key as being ultimately trusted.
+               gpg --batch --import-ownertrust <<<"${fingerprint}:6:" || exit
        elif [[ ! -w ${GNUPGHOME} ]]; then
                die "gpgdir is not writable: ${GNUPGHOME}"
        fi
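Review bot: The added `fingerprint=$(gpg_fingerprint …) || die …` guard relies entirely on the exit status of gpg_fingerprint, yet the captured value is then passed straight to `gpg --batch --import-ownertrust` at level 6 (ultimate trust). gpg_fingerprint is defined outside this hunk, so it cannot be confirmed here that it fails on empty or multi-line output. A shape check before the import, such as `[[ ${fingerprint} =~ ^[[:xdigit:]]+$ ]] || die "unexpected fingerprint: ${fingerprint}"`, would make the trust assignment fail closed. Separately, the context line `trap 'gpgconf -K pgp-agent' EXIT` looks like a typo for `gpg-agent`; if so, the agent started for the ephemeral GNUPGHOME is never killed on exit. check_file_signature_gpg() begins and ends outside the hunk.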
