Merge branch 'uk/signature-is-good-after-key-expires'

A signature on a commit that was GPG signed long time ago ought to be still valid after the key that was used to sign it has expired, but we showed them in alarming red. * uk/signature-is-good-after-key-expires: gpg-interface: signatures by expired keys are fine
author: Junio C Hamano <gitster@pobox.com> 2026-03-02 17:06:50 -0800
committer: Junio C Hamano <gitster@pobox.com> 2026-03-02 17:06:50 -0800
commit: dbae219b2271d9dc05769820e47a0178f8d25e58 (patch)
tree: 4e61e0c9ccfc478b6b0a3857532c00667660b8f1 /gpg-interface.c
parent: 9eb5b3b999cb89d4a09dcf1012784e74154026de (diff)
parent: 90695bbdaea86064398c26eb259043cadcf99a86 (diff)
download: git-dbae219b2271d9dc05769820e47a0178f8d25e58.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 87fb6605fb..7e6a1520bd 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -382,7 +382,8 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
 
 	delete_tempfile(&temp);
 
-	ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
+	ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ") &&
+	       !strstr(gpg_stdout.buf, "\n[GNUPG:] EXPKEYSIG ");
 	sigc->output = strbuf_detach(&gpg_stderr, NULL);
 	sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
 
@@ -680,7 +681,7 @@ int check_signature(struct signature_check *sigc,
 	if (status && !sigc->output)
 		return !!status;
 
-	status |= sigc->result != 'G';
+	status |= sigc->result != 'G' && sigc->result != 'Y';
 	status |= sigc->trust_level < configured_min_trust_level;
 
 	return !!status;
author	Junio C Hamano <gitster@pobox.com>	2026-03-02 17:06:50 -0800
committer	Junio C Hamano <gitster@pobox.com>	2026-03-02 17:06:50 -0800
commit	dbae219b2271d9dc05769820e47a0178f8d25e58 (patch)
tree	4e61e0c9ccfc478b6b0a3857532c00667660b8f1 /gpg-interface.c
parent	9eb5b3b999cb89d4a09dcf1012784e74154026de (diff)
parent	90695bbdaea86064398c26eb259043cadcf99a86 (diff)
download	git-dbae219b2271d9dc05769820e47a0178f8d25e58.tar.xz