kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

Merge branch 'uk/signature-is-good-after-key-expires' 

A signature on a commit that was GPG signed long time ago ought to
be still valid after the key that was used to sign it has expired,
but we showed them in alarming red.

* uk/signature-is-good-after-key-expires:
  gpg-interface: signatures by expired keys are fine
maint
Junio C Hamano 2026-03-02 17:06:50 -08:00
parent 9eb5b3b999 90695bbdae
commit dbae219b22
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gpg-interface.c
View File

@ -382,7 +382,8 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,

delete_tempfile(&temp);

ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ") &&
!strstr(gpg_stdout.buf, "\n[GNUPG:] EXPKEYSIG ");
sigc->output = strbuf_detach(&gpg_stderr, NULL);
sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);

@ -680,7 +681,7 @@ int check_signature(struct signature_check *sigc,
if (status && !sigc->output)
return !!status;

status |= sigc->result != 'G';
status |= sigc->result != 'G' && sigc->result != 'Y';
status |= sigc->trust_level < configured_min_trust_level;

return !!status;