aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2021-10-07 09:55:51 -0700
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-10-07 13:41:09 -0400
commitfdce5f33b3ea516984771e16c8ac5098beaee512 (patch)
tree0b80331b63b7345fb265d81ee57a769113d12e54
parentd8937ede7064a74623a9d1ef260d5d50a146dd44 (diff)
downloadb4-fdce5f33b3ea516984771e16c8ac5098beaee512.tar.gz
validate: Use patatt's configured keyring as fallback
If b4 doesn't have an explicit keyringsrc configured, attempt to fetch it from patatt configuration instead. This avoids some very confusing situations where patatt would validate and b4 would reject. (I had an expired pubkey in my gpg default keyring, but the same pubkey had an updated expiration date in patatt's keyring.) Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Link: https://lore.kernel.org/r/20211007165551.2312946-1-keescook@chromium.org
-rw-r--r--b4/__init__.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/b4/__init__.py b/b4/__init__.py
index bc7b8dd..40f4dc4 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1115,7 +1115,11 @@ class LoreMessage:
config = get_main_config()
sources = config.get('keyringsrc')
if not sources:
- sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
+ # fallback to patatt's keyring if none is specified for b4
+ patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc'])
+ sources = patatt_config.get('keyringsrc')
+ if not sources:
+ sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
if pdir not in sources:
sources.append(pdir)