Konstantin Ryabitsev wrote:
>gpg --verify (and gpgv) will return 0 even if the key is revoked or
>expired, so you can't really rely on exit code alone. The following is
>the right approach:
>
>gpgv --homedir /tmp --keyring %{SOURCE2} --status-fd=1 %{SOURCE1}
>%{SOURCE0} | grep -q '^\[GNUPG:\] GOODSIG'
Will that check start to fail when the key expires? Do we want packages
to start failing to build just because a certain date has passed?
Or does the check fail only if the key had already expired when the
signature was made?
--
Björn Persson
Sent from my computer.
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
