openpgp: always update information about the Web of Trust #41

Closed
bjacquin wants to merge 1 commit into gentoo:master from bjacquin:dev/beber/968583

@bjacquin bjacquin commented Jan 10, 2026

Contributor

gemato can fail if /etc/gnupg/gpg.conf contains no-auto-check-trustdb while gemato needs --check-trustdb:

  $ gemato openpgp-verify-detached -K /usr/share/openpgp-keys/chetramey.asc -R --no-require-all-good /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz
  ERROR    OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz'> (sig in /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig):
           Good OpenPGP signature made using untrusted key:
           gpg: Warning: using insecure memory!
           gpg: Signature made Wed Jul  2 13:17:41 2025 UTC
           gpg:                using DSA key 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
           gpg: please do a --check-trustdb
           gpg: Good signature from "Chet Ramey <chet@cwru.edu>" [unknown]
           gpg: WARNING: This key is not certified with a trusted signature!
           gpg:          There is no indication that the signature belongs to the owner.
           Primary key fingerprint: 7C01 35FB 088A AF6C 66C6  50B9 BB58 69F0 64EA 74AB

This commit circumvents the issue by forcing
--auto-check-trustdb, which takes precedence over the configuration file.

Closes: https://bugs.gentoo.org/968583
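
Added example, not part of this PR or of gemato's code: a Python sketch that classifies a gpg verification transcript like the one quoted above and reports which gpg.conf lines switch automatic trustdb checks off. The function names, the category strings and the reading that a later `auto-check-trustdb` line cancels an earlier `no-auto-check-trustdb` are assumptions; both sample inputs are constructed.

```python
import re

# Constructed sample of a system-wide gpg.conf like the one the PR describes.
SAMPLE_GPG_CONF = """\
# site policy
no-greeting
no-auto-check-trustdb
"""

# Constructed sample, shortened from the gpg output quoted in the PR.
SAMPLE_GPG_STDERR = """\
gpg: Signature made Wed Jul  2 13:17:41 2025 UTC
gpg: please do a --check-trustdb
gpg: Good signature from "Chet Ramey <chet@cwru.edu>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
"""

def auto_check_disabled(conf_text):
    """Line numbers in gpg.conf text that switch automatic trustdb checks off.

    Assumption: a later auto-check-trustdb line cancels earlier ones."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        option = line.split()[0].lstrip("-")  # tolerate a leading "--"
        if option == "no-auto-check-trustdb":
            hits.append(lineno)
        elif option == "auto-check-trustdb":
            hits = []
    return hits

def diagnose(conf_text, gpg_stderr):
    """Classify a verification transcript; returns (category, conf_lines)."""
    if not re.search(r"^\s*gpg: Good signature from ", gpg_stderr, re.M):
        return "no-good-signature", []
    if "please do a --check-trustdb" in gpg_stderr:
        # gpg asks for a trustdb check, so the trust level shown may be stale.
        return "trustdb-not-updated", auto_check_disabled(conf_text)
    if "This key is not certified with a trusted signature" in gpg_stderr:
        return "key-not-certified", []
    return "ok", []

def verify_argv(sig_path, data_path):
    """Hypothetical gpg call with the command-line override the PR describes."""
    return ["gpg", "--auto-check-trustdb", "--verify", sig_path, data_path]

if __name__ == "__main__":
    print(diagnose(SAMPLE_GPG_CONF, SAMPLE_GPG_STDERR))
```

Separating "trustdb-not-updated" from "key-not-certified" keeps a configuration problem from being read as a key that really lacks a trust path.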

mgorny commented Jan 10, 2026

Member

You didn't run tox!

gemato can fail if /etc/gnupg/gpg.conf contains no-auto-check-trustdb
while gemato needs --check-trustdb:

  $ gemato openpgp-verify-detached -K /usr/share/openpgp-keys/chetramey.asc -R --no-require-all-good /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz
  ERROR    OpenPGP verification failed for <_io.BufferedReader name='/var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz'> (sig in /var/tmp/portage/sys-libs/readline-8.3_p3/distdir/readline-8.3.tar.gz.sig):
           Good OpenPGP signature made using untrusted key:
           gpg: Warning: using insecure memory!
           gpg: Signature made Wed Jul  2 13:17:41 2025 UTC
           gpg:                using DSA key 7C0135FB088AAF6C66C650B9BB5869F064EA74AB
           gpg: please do a --check-trustdb
           gpg: Good signature from "Chet Ramey <chet@cwru.edu>" [unknown]
           gpg: WARNING: This key is not certified with a trusted signature!
           gpg:          There is no indication that the signature belongs to the owner.
           Primary key fingerprint: 7C01 35FB 088A AF6C 66C6  50B9 BB58 69F0 64EA 74AB

This commit circumvents the issue by forcing
--auto-check-trustdb, which takes precedence over the configuration file.

Closes: https://bugs.gentoo.org/968583
Signed-off-by: Bertrand Jacquin <bertrand@jacquin.bzh>

@bjacquin

Contributor Author

> You didn't run tox!

Good point, now done :)
