From: Shannon Sterz
To: pve-devel@lists.proxmox.com
Date: Tue, 22 Jul 2025 14:36:57 +0200
Message-ID: <20250722123658.196232-1-s.sterz@proxmox.com>
Subject: [pve-devel] [PATCH manager 1/2] fix #6539: apl: use sqv instead of gpgv to verify signatures

debian trixie based installs don't ship with gpgv so take this
opportunity and use sqv directly. sqv can deal with both armored and
dearmored keys.

this has the side-effect of closing #6539, which occurred due to sequoia
dropping the `--binary` option for merging keys into a keyring and would
always output them in an armored format. gpgv cannot handle armored keys
and would therefore fail to verify signatures.

while sqv is pre-installed, adding it as an explicit dependency should
still avoid problems if it is removed at some point (like gpgv was).

Closes: #6539
Signed-off-by: Shannon Sterz
---
 PVE/APLInfo.pm | 2 +-
 debian/control | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/PVE/APLInfo.pm b/PVE/APLInfo.pm index 5371ad7ba..433a8ef4b 100644 --- a/PVE/APLInfo.pm +++ b/PVE/APLInfo.pm 
@@ -171,7 +171,7 @@ sub download_aplinfo { # verify signature my $trustedkeyring = "/usr/share/doc/pve-manager/trustedkeys.gpg"; - my $cmd = "/usr/bin/gpgv -q --keyring $trustedkeyring $sigfn $tmp"; + my $cmd = "/usr/bin/sqv --keyring $trustedkeyring $sigfn $tmp"; my $logfunc = sub { logmsg($logfd, "signature verification: $_[0]"); }; eval { run_command($cmd, outfunc => $logfunc, errfunc => $logfunc); }; diff --git a/debian/control b/debian/control index 8557cb1e3..ffac171c9 100644 --- a/debian/control +++ b/debian/control @@ -94,6 +94,7 @@ Depends: apt (>= 1.5~), qemu-server (>= 9.0.2), rsync, spiceterm, + sqv, systemd, vncterm, wget, -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
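
Review bot: in the PVE/APLInfo.pm hunk the new `$cmd` is still a single interpolated string, so `$sigfn` and `$tmp` reach run_command unquoted, just as they did with gpgv; a path containing whitespace or shell metacharacters would be split or interpreted if that string is handed to a shell. If run_command accepts an argument list, pass `['/usr/bin/sqv', '--keyring', $trustedkeyring, $sigfn, $tmp]` instead. The replacement also drops `-q`, and both outfunc and errfunc feed `$logfunc`, so please confirm that whatever sqv prints on a successful verification is wanted in the log as a "signature verification:" line.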
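
Review bot: in the debian/control hunk `sqv,` is added to Depends without a version bound, while neighbouring entries such as `apt (>= 1.5~)` and `qemu-server (>= 9.0.2)` carry one. The commit message relies on sqv accepting both armored and dearmored keys through `--keyring`; if that behaviour needs a minimum sqv version, state the bound here, otherwise a sentence in the commit message saying any packaged version is sufficient would settle it.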