b68209b6d4
During a deploy operation, we would fetch commit objects from the remote to resolve the version string. If gpg-verify was turned on, we would fail to pull them if some of the commits were not signed. This is because we pulled them in batches. We partially address this by only fetching the HEAD commit on the first pass. This allows `upgrade` operations to work just as well as `deploy` operations. Though there is still an issue if we have to traverse farther back than when signed commits become unsigned (unless they happen to fall on a batch boundary). We leave that unsolved for now, since that would likely require a more complex solution and it's not clear whether it's a real world issue (signers can just retroactively sign commits). Copy the gpghome from ostree so that we can test GPG-related cases in our suite. Closes: #527 Closes: #557 Approved by: cgwalters
Symbolic link
1 line
19 B
Plaintext
Symbolic link
1 line
19 B
Plaintext
trusted/pubring.gpg |