MSYS2-packages/pacman/0025-pacman-key-pass-allow-weak-key-signatures-during-imp.patch

From 4578696d0cd348bff5ff6b8c25ba19c85c80a84f Mon Sep 17 00:00:00 2001
From: Christoph Reiter <reiter.christoph@gmail.com>
Date: Fri, 8 Dec 2023 12:55:32 +0100
Subject: [PATCH 25/N] pacman-key: pass --allow-weak-key-signatures during
 import

Our keyring contains SHA1 signatures, which gnupg 2.4 no longer imports
by default. We can't easily get rid of them now, so allow them for now.

See https://github.com/msys2/MSYS2-keyring/issues/45
---
 scripts/pacman-key.sh.in | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/pacman-key.sh.in b/scripts/pacman-key.sh.in
index 5ff54a4..85ceda9 100644
--- a/scripts/pacman-key.sh.in
+++ b/scripts/pacman-key.sh.in
@@ -319,7 +319,9 @@ populate_keyring() {
 	# Add keys from requested keyrings
 	for keyring in "${KEYRINGIDS[@]}"; do
 		msg "$(gettext "Appending keys from %s.gpg...")" "$keyring"
-		"${GPG_PACMAN[@]}" --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
+		# FIXME: --allow-weak-key-signatures is a workaround for
+		# https://github.com/msys2/MSYS2-keyring/issues/45
+		"${GPG_PACMAN[@]}" --allow-weak-key-signatures --quiet --import "${KEYRING_IMPORT_DIR}/${keyring}.gpg"
 	done
 
 	# Read the trusted key IDs to an array. Because this is an ownertrust
@@ -566,7 +568,9 @@ refresh_keys() {
 		done
 
 		# if no key was found, fall back to using the keyservers (with the key fingerprint instead)
-		if (( $? )) &&  ! "${GPG_PACMAN[@]}" --refresh-keys "$id"; then
+		# FIXME: --allow-weak-key-signatures is a workaround for
+		# https://github.com/msys2/MSYS2-keyring/issues/45
+		if (( $? )) &&  ! "${GPG_PACMAN[@]}" --allow-weak-key-signatures --refresh-keys "$id"; then
 			error "$(gettext "Could not update key: %s")" "$id"
 			ret=1
 		fi