[pve-devel] [PATCH manager 1/2] fix #6539: apl: use sqv instead of gpgv to verify signatures
Shannon Sterz
s.sterz at proxmox.com
Tue Jul 22 14:36:57 CEST 2025
debian trixie based installs don't ship with gpgv so take this
opportunity and use sqv directly. sqv can deal with both armored and
dearmored keys. this has the side-effect of closing #6539. which
occured, due to sequioa dropping the `--binary` option for merging
keys into a keyring and would always output them in an armored
formart. gpgv cannot handle armored keys and would therefore fail to
verify signatures.
while sqv is pre-installed, adding it as an explicit dependency should
still avoid problems if it is removed at some point (like gpgv was).
Closes: #6539
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
PVE/APLInfo.pm | 2 +-
debian/control | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/PVE/APLInfo.pm b/PVE/APLInfo.pm
index 5371ad7ba..433a8ef4b 100644
--- a/PVE/APLInfo.pm
+++ b/PVE/APLInfo.pm
@@ -171,7 +171,7 @@ sub download_aplinfo {
# verify signature
my $trustedkeyring = "/usr/share/doc/pve-manager/trustedkeys.gpg";
- my $cmd = "/usr/bin/gpgv -q --keyring $trustedkeyring $sigfn $tmp";
+ my $cmd = "/usr/bin/sqv --keyring $trustedkeyring $sigfn $tmp";
my $logfunc = sub { logmsg($logfd, "signature verification: $_[0]"); };
eval { run_command($cmd, outfunc => $logfunc, errfunc => $logfunc); };
diff --git a/debian/control b/debian/control
index 8557cb1e3..ffac171c9 100644
--- a/debian/control
+++ b/debian/control
@@ -94,6 +94,7 @@ Depends: apt (>= 1.5~),
qemu-server (>= 9.0.2),
rsync,
spiceterm,
+ sqv,
systemd,
vncterm,
wget,
--
2.47.2
More information about the pve-devel
mailing list