From 3847a92a365a96270ab0de6111f349e98379f930 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@chromium.org>
Date: Thu, 7 Oct 2021 09:55:51 -0700
Subject: validate: Use patatt's configured keyring as fallback

If b4 doesn't have an explicit keyringsrc configured, attempt to fetch
it from patatt configuration instead. This avoids some very confusing
situations where patatt would validate and b4 would reject. (I had an
expired pubkey in my gpg default keyring, but the same pubkey had an
updated expiration date in patatt's keyring.)

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://lore.kernel.org/r/20211007165551.2312946-1-keescook@chromium.org
---
 b4/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/b4/__init__.py b/b4/__init__.py
index b352d6a..f8766d5 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1117,7 +1117,11 @@ class LoreMessage:
         config = get_main_config()
         sources = config.get('keyringsrc')
         if not sources:
-            sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
+            # fallback to patatt's keyring if none is specified for b4
+            patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc'])
+            sources = patatt_config.get('keyringsrc')
+            if not sources:
+                sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
         if pdir not in sources:
             sources.append(pdir)
 
-- 
cgit v1.2.3