From 3847a92a365a96270ab0de6111f349e98379f930 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 7 Oct 2021 09:55:51 -0700 Subject: validate: Use patatt's configured keyring as fallback If b4 doesn't have an explicit keyringsrc configured, attempt to fetch it from patatt configuration instead. This avoids some very confusing situations where patatt would validate and b4 would reject. (I had an expired pubkey in my gpg default keyring, but the same pubkey had an updated expiration date in patatt's keyring.) Signed-off-by: Kees Cook Signed-off-by: Konstantin Ryabitsev Link: https://lore.kernel.org/r/20211007165551.2312946-1-keescook@chromium.org --- b4/__init__.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/b4/__init__.py b/b4/__init__.py index b352d6a..f8766d5 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -1117,7 +1117,11 @@ class LoreMessage: config = get_main_config() sources = config.get('keyringsrc') if not sources: - sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] + # fallback to patatt's keyring if none is specified for b4 + patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc']) + sources = patatt_config.get('keyringsrc') + if not sources: + sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:'] if pdir not in sources: sources.append(pdir) -- cgit v1.2.3