From fdce5f33b3ea516984771e16c8ac5098beaee512 Mon Sep 17 00:00:00 2001
From: Kees Cook
Date: Thu, 7 Oct 2021 09:55:51 -0700
Subject: validate: Use patatt's configured keyring as fallback

If b4 doesn't have an explicit keyringsrc configured, attempt to fetch it from patatt configuration instead. This avoids some very confusing situations where patatt would validate and b4 would reject. (I had an expired pubkey in my gpg default keyring, but the same pubkey had an updated expiration date in patatt's keyring.)

Signed-off-by: Kees Cook
Signed-off-by: Konstantin Ryabitsev
Link: https://lore.kernel.org/r/20211007165551.2312946-1-keescook@chromium.org
---
 b4/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/b4/__init__.py b/b4/__init__.py
index bc7b8dd..40f4dc4 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1115,7 +1115,11 @@ class LoreMessage:
 config = get_main_config()
 sources = config.get('keyringsrc')
 if not sources:
- sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
+ # fallback to patatt's keyring if none is specified for b4
+ patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc'])
+ sources = patatt_config.get('keyringsrc')
+ if not sources:
+ sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
 if pdir not in sources:
 sources.append(pdir)
--
cgit v1.2.3
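Review bot: The keyring that ends up trusted for signature validation now depends on a three-step precedence (b4's `keyringsrc`, then patatt's, then the built-in `ref:` defaults), and nothing in the new branch records which step supplied `sources`. A debug line after the patatt lookup, e.g. `logger.debug('keyringsrc not set for b4, using patatt keyringsrc: %s', sources)` (assuming the module-level logger is in scope here), would make a validation result traceable to its trust source. The added comment could also state that a b4-level `keyringsrc` overrides patatt's rather than being merged with it, so the two tools can still disagree when both are set to different values. Separately, `sources.append(pdir)` mutates the list returned by `patatt_config.get('keyringsrc')`; `sources = list(patatt_config.get('keyringsrc') or [])` would avoid touching patatt's object if it is shared. The enclosing method starts and ends outside the hunk.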