Fix misuse of gpg_verify

dralley · dralley · commit 98a5c0266091 · 2026-04-21T11:27:15.000-04:00
It was trying to verify a detached signature without providing the
detached data.
diff --git a/pulp_container/app/models.py b/pulp_container/app/models.py
@@ -698,7 +698,7 @@ def validate(self):
                 manifest_file.name, env_vars={"REFERENCE": "test", "SIG_PATH": sig_path}
             )
 
-            gpg_verify(self.public_key, signed["signature_path"])
+            gpg_verify(self.public_key, signed["signature_path"], detached_data=manifest_file.name)
 
 
 class ContainerRepository(

Original file line number	Diff line number	Diff line change
`@@ -698,7 +698,7 @@ def validate(self):`
`698`	`698`	`manifest_file.name, env_vars={"REFERENCE": "test", "SIG_PATH": sig_path}`
`699`	`699`	`)`
`700`	`700`
`701`		`- gpg_verify(self.public_key, signed["signature_path"])`
	`701`	`+ gpg_verify(self.public_key, signed["signature_path"], detached_data=manifest_file.name)`
`702`	`702`
`703`	`703`
`704`	`704`	`class ContainerRepository(`