tools.linux.kernel.org archive mirror
* [PATCH] validate: Use patatt's configured keyring as fallback
@ 2021-10-07 16:55 Kees Cook
  2021-10-07 17:41 ` Konstantin Ryabitsev
  0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2021-10-07 16:55 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: Kees Cook, tools

If b4 doesn't have an explicit keyringsrc configured, attempt to fetch
it from patatt configuration instead. This avoids some very confusing
situations where patatt would validate and b4 would reject. (I had an
expired pubkey in my gpg default keyring, but the same pubkey had an
updated expiration date in patatt's keyring.)

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 b4/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/b4/__init__.py b/b4/__init__.py
index 47272bb4bdd7..a895e3a6f4d0 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1117,7 +1117,11 @@ class LoreMessage:
         config = get_main_config()
         sources = config.get('keyringsrc')
         if not sources:
-            sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
+            # fallback to patatt's keyring if none is specified for b4
+            patatt_config = patatt.get_config_from_git(r'patatt\..*', multivals=['keyringsrc'])
+            sources = patatt_config.get('keyringsrc')
+            if not sources:
+                sources = ['ref:::.keys', 'ref:::.local-keys', 'ref::refs/meta/keyring:']
         if pdir not in sources:
             sources.append(pdir)
 
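Review bot: In the new branch under `if not sources:`, the set of keys b4 trusts now depends silently on whether patatt has a `keyringsrc` configured, and nothing records which of the three origins (b4 config, patatt config, built-in refs) was picked; a debug log line naming the chosen source list would make a validate/reject mismatch like the one in the commit message much quicker to diagnose. The fallback is also either-or: when b4 has its own `keyringsrc`, patatt's is never consulted, so the two tools can still disagree if both are set differently, and the `keyringsrc` documentation should state that precedence. Separately, `sources.append(pdir)` just below now appends to the list object returned by `patatt_config.get('keyringsrc')`; copying it first, e.g. `sources = list(patatt_config.get('keyringsrc') or [])`, avoids mutating whatever patatt handed back.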
-- 
2.30.2



* Re: [PATCH] validate: Use patatt's configured keyring as fallback
  2021-10-07 16:55 [PATCH] validate: Use patatt's configured keyring as fallback Kees Cook
@ 2021-10-07 17:41 ` Konstantin Ryabitsev
  0 siblings, 0 replies; 2+ messages in thread
From: Konstantin Ryabitsev @ 2021-10-07 17:41 UTC (permalink / raw)
  To: Kees Cook; +Cc: tools

On Thu, 7 Oct 2021 09:55:51 -0700, Kees Cook wrote:
> If b4 doesn't have an explicit keyringsrc configured, attempt to fetch
> it from patatt configuration instead. This avoids some very confusing
> situations where patatt would validate and b4 would reject. (I had an
> expired pubkey in my gpg default keyring, but the same pubkey had an
> updated expiration date in patatt's keyring.)
> 
> 
> [...]

Applied, thanks!

[1/1] validate: Use patatt's configured keyring as fallback
      commit: 3847a92a365a96270ab0de6111f349e98379f930

Best regards,
-- 
Konstantin Ryabitsev <konstantin@linuxfoundation.org>
