verify-sig.eclass: Accept 1-out-of-n sigs on multisig files

If a distfile has multiple detached signatures, pass verification if at least one of them can be verified rather than requiring all of them. This is particularly helpful for upstreams where the whole set of release keys is hard to come by. Closes: https://bugs.gentoo.org/873211 Closes: https://github.com/gentoo/gentoo/pull/29224 Signed-off-by: Michał Górny <mgorny@gentoo.org>
author: Michał Górny <mgorny@gentoo.org> 2023-01-23 09:23:18 +0100
committer: Michał Górny <mgorny@gentoo.org> 2023-02-12 16:13:56 +0100
commit: 89c2617afbfe6250ee7dfd4ee4641c8f74c54004 (patch)
tree: ede9d31dc20a42aabff61ac9f57ef0c10838ac19 /eclass
parent: verify-sig.eclass: Use gemato openpgp-verify-detached (diff)
download: gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.tar.gz
gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.tar.bz2
gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/eclass/verify-sig.eclass b/eclass/verify-sig.eclass
index a071139daa17..a7d6d26ed432 100644
--- a/eclass/verify-sig.eclass
+++ b/eclass/verify-sig.eclass
@@ -146,7 +146,7 @@ verify-sig_verify_detached() {
 			# https://bugs.gentoo.org/854492
 			local -x TMPDIR=/tmp
 			gemato openpgp-verify-detached -K "${key}" \
-				"${extra_args[@]}" \
+				"${extra_args[@]}" --no-require-all-good \
 				"${sig}" "${file}" ||
 				die "PGP signature verification failed"
 			;;
author	Michał Górny <mgorny@gentoo.org>	2023-01-23 09:23:18 +0100
committer	Michał Górny <mgorny@gentoo.org>	2023-02-12 16:13:56 +0100
commit	89c2617afbfe6250ee7dfd4ee4641c8f74c54004 (patch)
tree	ede9d31dc20a42aabff61ac9f57ef0c10838ac19 /eclass
parent	verify-sig.eclass: Use gemato openpgp-verify-detached (diff)
download	gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.tar.gz gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.tar.bz2 gentoo-89c2617afbfe6250ee7dfd4ee4641c8f74c54004.zip