From 89c2617afbfe6250ee7dfd4ee4641c8f74c54004 Mon Sep 17 00:00:00 2001
From: Michał Górny <mgorny@gentoo.org>
Date: Mon, 23 Jan 2023 09:23:18 +0100
Subject: verify-sig.eclass: Accept 1-out-of-n sigs on multisig files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a distfile has multiple detached signatures, pass verification
if at least one of them can be verified rather than requiring all
of them.  This is particularly helpful for upstreams where the whole
set of release keys is hard to come by.

Closes: https://bugs.gentoo.org/873211
Closes: https://github.com/gentoo/gentoo/pull/29224
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 eclass/verify-sig.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'eclass/verify-sig.eclass')

diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index a071139daa17..a7d6d26ed432 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -146,7 +146,7 @@ verify-sig_verify_detached() {
 			# https://bugs.gentoo.org/854492
 			local -x TMPDIR=/tmp
 			gemato openpgp-verify-detached -K "${key}" \
-				"${extra_args[@]}" \
+				"${extra_args[@]}" --no-require-all-good \
 				"${sig}" "${file}" ||
 				die "PGP signature verification failed"
 			;;
-- 
cgit v1.2.3-65-gdbad