| commit | b698489dbe1ce237089038f6fd61138aa1638c43 | |
| author | Guillem Jover <guillem@debian.org> | |
| Mon, 16 Jan 2023 03:20:17 +0000 (16 04:20 +0100) | ||
| committer | Guillem Jover <guillem@debian.org> | |
| Mon, 16 Jan 2023 12:11:20 +0000 (16 13:11 +0100) | ||
| tree | b91a7201824bcf29c764b219ed5b9a348dfa4c93 | treesnapshot (tar.gz zip) |
| parent | 9cca3e8fedc64977a446854b2fded4b2b01b7c53 | commitdiff |
Dpkg::OpenPGP::Backend::GnuPG: Fallback to use «gpg dearmor» if present
When verifying a signature, we were using the internal dearmor() method,
as that makes it possible to not have gpg around when we are using gpgv.
The problem is that the internal dearmor() method does not handle
concatenated ASCII Armor blocks, and might then fail to find the
certificates. When using gpgv this is only a partial regression as
we were previously not verifying at all on minimal systems where gpg
was not available. But when it is available, now that has regressed.
In the future we might require no concatenated ASCII Armor blocks,
but for now let's mitigate this regression.
Fixes: commit a11d7340da2f679fc673d92767dfefcbb3eb1e69
Reported-by: Sven Joachim <svenjoac@gmx.de> (on IRC)
When verifying a signature, we were using the internal dearmor() method,
as that makes it possible to not have gpg around when we are using gpgv.
The problem is that the internal dearmor() method does not handle
concatenated ASCII Armor blocks, and might then fail to find the
certificates. When using gpgv this is only a partial regression as
we were previously not verifying at all on minimal systems where gpg
was not available. But when it is available, now that has regressed.
In the future we might require no concatenated ASCII Armor blocks,
but for now let's mitigate this regression.
Fixes: commit a11d7340da2f679fc673d92767dfefcbb3eb1e69
Reported-by: Sven Joachim <svenjoac@gmx.de> (on IRC)
| scripts/Dpkg/OpenPGP/Backend/GnuPG.pm | diffblobblamehistory |