Dpkg::OpenPGP: Require gpgv and do not fallback to gpg to verify signatures

Using gpgv exclusively for signature verification is better, it removes a fat dependency where gpgv tends to be present when gpg is present, has a better stateless interface, and reduces code complexity.

Dpkg::OpenPGP: Require gpgv and do not fallback to gpg to verify signatures
Using gpgv exclusively for signature verification is better, it removes a fat dependency where gpgv tends to be present when gpg is present, has a better stateless interface, and reduces code complexity.
f7f88cc6 · Guillem Jover · 7343b9d3 · f7f88cc6
Commit f7f88cc6 authored 2 years ago by Guillem Jover
--- a/scripts/Dpkg/OpenPGP.pm
+++ b/scripts/Dpkg/OpenPGP.pm
@@ -169,8 +169,6 @@ sub verify_signature {
    my @exec;
    if (find_command('gpgv')) {
        push @exec, 'gpgv', _gpg_options_weak_digests();
-    } elsif (find_command('gpg')) {
-        push @exec, 'gpg', _gpg_options_common(), '--verify';
    } elsif ($opts->{require_valid_signature}) {
        error(g_('cannot verify signature on %s since GnuPG is not installed'),
              $sig);