diff options
author | Kees Cook <keescook@chromium.org> | 2021-10-07 09:55:51 -0700 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-10-07 13:41:09 -0400 |
commit | fdce5f33b3ea516984771e16c8ac5098beaee512 (patch) | |
tree | 0b80331b63b7345fb265d81ee57a769113d12e54 | |
parent | d8937ede7064a74623a9d1ef260d5d50a146dd44 (diff) | |
download | b4-fdce5f33b3ea516984771e16c8ac5098beaee512.tar.gz |
validate: Use patatt's configured keyring as fallback
If b4 doesn't have an explicit keyringsrc configured, attempt to fetch
it from patatt configuration instead. This avoids some very confusing
situations where patatt would validate and b4 would reject. (I had an
expired pubkey in my gpg default keyring, but the same pubkey had an
updated expiration date in patatt's keyring.)
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://lore.kernel.org/r/20211007165551.2312946-1-keescook@chromium.org
-rw-r--r-- | b4/__init__.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/b4/__init__.py b/b4/__init__.py index bc7b8dd..40f4dc4 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -1115,7 +1115,11 @@ class LoreMessage: config = get_main_config() sources = config.get('keyringsrc') if not sources: - sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] + # fallback to patatt's keyring if none is specified for b4 + patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc']) + sources = patatt_config.get('keyringsrc') + if not sources: + sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] if pdir not in sources: sources.append(pdir) |