commit:     5917709d5d06c001df1a206d064668361ea60f4a
Author:     Bertrand Jacquin <bertrand <AT> jacquin <DOT> bzh>
AuthorDate: Sat Jan 10 11:21:30 2026 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sat Jan 10 14:41:57 2026 +0000
URL:        https://gitweb.gentoo.org/proj/gemato.git/commit/?id=5917709d

openpgp: always update information about the Web of Trust

gemato can fail if /etc/gnupg/gpg.conf contains no-auto-check-trustdb
while gemato needs --check-trustdb:

  $ gemato openpgp-verify-detached -K /usr/share/openpgp-keys/chetramey.asc -R --no-require-all-good /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz
  ERROR    OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz'> (sig in /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig):
           Good OpenPGP signature made using untrusted key:
           gpg: Warning: using insecure memory!
           gpg: Signature made Wed Jul  2 13:17:41 2025 UTC
           gpg:                using DSA key 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
           gpg: please do a --check-trustdb
           gpg: Good signature from "Chet Ramey <chet <AT> cwru.edu>" [unknown]
           gpg: WARNING: This key is not certified with a trusted signature!
           gpg:          There is no indication that the signature belongs to the owner.
           Primary key fingerprint: 7C01 35FB 088A AF6C 66C6  50B9 BB58 69F0 64EA 74AB

This commit circumvents the issue by forcing
--auto-check-trustdb, which takes precedence over the configuration file.

Closes: https://bugs.gentoo.org/968583
Signed-off-by: Bertrand Jacquin <bertrand <AT> jacquin.bzh>
Part-of: https://github.com/gentoo/gemato/pull/41
Closes: https://github.com/gentoo/gemato/pull/41
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 gemato/openpgp.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 1d2823a..8c2647e 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -374,7 +374,8 @@ class SystemGPGEnvironment:
         """
 
         exitst, out, err = self._spawn_gpg(
-            [GNUPG, '--batch', '--status-fd', '1', '--verify'],
+            [GNUPG, '--batch', '--auto-check-trustdb',
+             '--status-fd', '1', '--verify'],
             f.read().encode('utf8'))
         return self._process_gpg_verify_output(out, err, require_all_good)
 
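Review bot: the option list `[GNUPG, '--batch', '--auto-check-trustdb', '--status-fd', '1', '--verify']` is now duplicated verbatim at both verify call sites in gemato/openpgp.py; suggest hoisting it into a single module-level constant (or a small helper that returns the common prefix) so that the next option added to one path is not forgotten in the other, which is exactly the kind of divergence that let a config-dependent failure like bug 968583 go unnoticed. The placement itself is right: passing `--auto-check-trustdb` on the command line overrides a `no-auto-check-trustdb` in gpg.conf, and it sits before the `--verify` command where gpg expects options, so the fix does not depend on the order of entries in the user's configuration.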
@@ -398,7 +399,8 @@ class SystemGPGEnvironment:
         """
 
         _, out, err = self._spawn_gpg(
-            [GNUPG, "--batch", "--status-fd", "1", "--verify",
+            [GNUPG, "--batch", "--auto-check-trustdb",
+             "--status-fd", "1", "--verify",
              str(signature_file), "-"],
             stdin_file=data_file)
         return self._process_gpg_verify_output(out, err, require_all_good)
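Review bot: this detached-signature path is the one exercised in the commit message's reproduction, yet no regression test accompanies the change; suggest adding one that writes `no-auto-check-trustdb` into the gpg.conf of a temporary GNUPGHOME and asserts that detached verification of a known-good signature still reports success rather than the "please do a --check-trustdb" failure. Two smaller points visible in the hunk: the exit status is discarded here (`_, out, err`) while the first call site binds it as `exitst`, so the two sites could be made consistent while both are being touched; and since gpg only runs the trustdb check when it decides its Web of Trust data is stale, this option does not add a fixed cost to every verify, which is worth a one-line comment beside the option so a future reader does not remove it as a performance measure.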
