commit: f5dc1650a2735eea694fb2f121257040ca28f3d3
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Sun Jun 15 22:19:27 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun 16 01:16:56 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=f5dc1650
emerge-webrsync: don't let check_file_signature_gpg_unwrapped() modify the r
variable
Presently, the check_file_signature_gpg_unwrapped() sets the 'r'
variable to a value of 0 upon confirming that the PGP signature is good.
However, the 'r' variable is not its property; it actually belongs to
the check_file_signature() function in its capacity as a caller.
Rather than modify the variable in question, have the function return
successfully upon confirming that the signature is good.
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/emerge-webrsync | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index 15c234474b..b27cb67ee2 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -321,18 +321,14 @@ check_file_signature_gpg_unwrapped() {
--status-fd 1 --verify "${signature}" "${file}"); then
while read -r line; do
if [[ ${line} == "[GNUPG:] GOODSIG"* ]]; then
- r=0
- break
+ return
fi
done <<< "${gnupg_status}"
fi
- if [[ ${r} -ne 0 ]]; then
- # Exit early since it's typically inappropriate to
- # try other mirrors in this case (it may indicate
- # a keyring problem).
- die "signature verification failed"
- fi
+ # Exit early since it's typically inappropriate to try other
+ # mirrors in this case (it may indicate a keyring problem).
+ die "signature verification failed"
else
die "cannot check signature: gpg binary not found"
fi
