debian trixie based installs don't ship with gpgv so take this
opportunity and use sqv directly. sqv can deal with both armored and
dearmored keys. this has the side-effect of closing #6539. which
occured, due to sequioa dropping the `--binary` option for merging
keys into a keyring and would always output them in an armored
formart. gpgv cannot handle armored keys and would therefore fail to
verify signatures.
while sqv is pre-installed, adding it as an explicit dependency should
still avoid problems if it is removed at some point (like gpgv was).
Closes: #6539
Signed-off-by: Shannon Sterz <s.st...@proxmox.com>
---
PVE/APLInfo.pm | 2 +-
debian/control | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/PVE/APLInfo.pm b/PVE/APLInfo.pm
index 5371ad7ba..433a8ef4b 100644
--- a/PVE/APLInfo.pm
+++ b/PVE/APLInfo.pm
@@ -171,7 +171,7 @@ sub download_aplinfo {
# verify signature
my $trustedkeyring = "/usr/share/doc/pve-manager/trustedkeys.gpg";
- my $cmd = "/usr/bin/gpgv -q --keyring $trustedkeyring $sigfn $tmp";
+ my $cmd = "/usr/bin/sqv --keyring $trustedkeyring $sigfn $tmp";
my $logfunc = sub { logmsg($logfd, "signature verification: $_[0]"); };
eval { run_command($cmd, outfunc => $logfunc, errfunc => $logfunc); };
diff --git a/debian/control b/debian/control
index 8557cb1e3..ffac171c9 100644
--- a/debian/control
+++ b/debian/control
@@ -94,6 +94,7 @@ Depends: apt (>= 1.5~),
qemu-server (>= 9.0.2),
rsync,
spiceterm,
+ sqv,
systemd,
vncterm,
wget,
--
2.47.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
