authorLibravatarChristoph Goehre <chris@sigxcpu.org>2023-11-23 16:00:43 +0000
committerLibravatarChristoph Goehre <chris@sigxcpu.org>2023-11-23 16:00:43 +0000
commitad12a309987683f89d7e6ac70defbc38b9d44c81 (patch)
tree46dd2d2b9cef164f86a902065f3dffaf4f0987f4
parent298f88dfda244285fe681e9787114c9da1bc7858 (diff)
Check GPG keyrings for read access before using them.
Otherwise gpgv will reject files with a valid signature when the keyring is not readable. Closes: #1027263
-rw-r--r--minidinstall/DebianSigVerifier.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/minidinstall/DebianSigVerifier.py b/minidinstall/DebianSigVerifier.py
index 17a6ec2..18082d1 100644
--- a/minidinstall/DebianSigVerifier.py
+++ b/minidinstall/DebianSigVerifier.py
@@ -23,6 +23,7 @@ from .GPGSigVerifier import *
class DebianSigVerifier(GPGSigVerifier):
_dpkg_ring = '/etc/dpkg/local-keyring.gpg'
+ keyrings_r_ok = []
def __init__(self, keyrings=None, extra_keyrings=None):
if not keyrings:
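Review bot: `keyrings_r_ok = []` is a class attribute, so one list is shared by every DebianSigVerifier instance, and the `self.keyrings_r_ok.append(keyring)` added in the second hunk mutates that shared list rather than a per-instance one. If more than one verifier is constructed in a process, each later instance is initialised with the readable keyrings of all earlier ones too, which widens the set of keys its signatures are checked against beyond what it was configured with. Drop the class attribute and build the list inside `__init__`, e.g. `self.keyrings_r_ok = [k for k in keyrings if os.access(k, os.R_OK)]` followed by `GPGSigVerifier.__init__(self, self.keyrings_r_ok)`. The class body and `__init__` both continue outside this hunk.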
@@ -31,6 +32,9 @@ class DebianSigVerifier(GPGSigVerifier):
keyrings.append(self._dpkg_ring)
if extra_keyrings:
keyrings.extend(extra_keyrings)
- GPGSigVerifier.__init__(self, keyrings)
+ for keyring in keyrings:
+ if os.access(keyring, os.R_OK):
+ self.keyrings_r_ok.append(keyring)
+ GPGSigVerifier.__init__(self, self.keyrings_r_ok)
# vim:ts=4:sw=4:et:
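Review bot: Unreadable keyrings are dropped silently in the new loop, so a permissions mistake on a keyring narrows the trust set with nothing in the logs to explain why uploads signed by those keys start failing. I would report each skipped path where it is dropped and treat an empty result as an error rather than pass an empty list to `GPGSigVerifier.__init__`, whose handling of that case is not visible here. Note also that `os.access` tests the real uid/gid, not the effective ones, and is only a point-in-time check, so it is a hint rather than a guarantee that gpgv can open the file later; a comment such as `# os.access is advisory: real-uid check, keyring may still be unreadable when gpgv runs` would record that. `__init__` starts outside this hunk, and `os` is not imported in the visible lines, so it presumably arrives through the star import from `.GPGSigVerifier`.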