handle GpgDisableVerify and ignore-signatures consistently

and be less verbose
2026-05-30 04:20:53 +00:00 · 2024-07-03 00:11:01 +02:00
parent d16110068c
commit c1f7e5fe96
12 changed files with 31 additions and 18 deletions
@@ -163,8 +163,8 @@ func NewGpgVerifier(finder GPGFinder) *GpgVerifier {
 }

 // InitKeyring verifies that gpg is installed and some keys are trusted
-func (g *GpgVerifier) InitKeyring() error {
-	if len(g.keyRings) == 0 {
+func (g *GpgVerifier) InitKeyring(verbose bool) error {
+	if len(g.keyRings) == 0 && verbose {
 		// using default keyring
 		output, err := exec.Command(g.gpg, "--no-default-keyring", "--no-auto-check-trustdb", "--keyring", "trustedkeys.gpg", "--list-keys").Output()
 		if err == nil && len(output) == 0 {