From ff401d5df9c6090aafb10cdba81ece113b4fa29f Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 22 Jun 2025 17:43:35 +0100 Subject: [PATCH] import: rename keyring extension from .gpg to .pgp The format is not specific to gpg, it's defined by the pgp protocols. Lintian even warns about it: systemd-container: openpgp-file-has-implementation-specific-extension [usr/lib/systemd/import-pubring.gpg] Rename it accordingly, as new pgp implementations are slowly becoming more popular. Keep using /etc/systemd/import-pubring.gpg for backward compatibility. --- man/importctl.xml | 4 ++-- man/sysupdate.d.xml | 4 ++-- meson.build | 5 +++-- .../{import-pubring.gpg => import-pubring.pgp} | Bin src/import/meson.build | 2 +- src/import/pull-common.c | 2 ++ 6 files changed, 10 insertions(+), 7 deletions(-) rename src/import/{import-pubring.gpg => import-pubring.pgp} (100%) diff --git a/man/importctl.xml b/man/importctl.xml index f67565bc054..c1021e60bab 100644 --- a/man/importctl.xml +++ b/man/importctl.xml @@ -125,8 +125,8 @@ , the sha checksum file is first verified with the detached GPG signature of .sha256 or SHA256SUMS. The public key for this verification step needs to be available in - /usr/lib/systemd/import-pubring.gpg or - /etc/systemd/import-pubring.gpg. + /usr/lib/systemd/import-pubring.pgp or + /etc/systemd/import-pubring.pgp. If is specified the image will be downloaded and stored in a read-only subvolume/directory in the image directory that is named after the specified URL and its diff --git a/man/sysupdate.d.xml b/man/sysupdate.d.xml index 9a32c8c734a..13dcd097754 100644 --- a/man/sysupdate.d.xml +++ b/man/sysupdate.d.xml 
@@ -481,8 +481,8 @@ downloaded resources (specifically: validate the GPG signatures for downloaded SHA256SUMS manifest files, via their detached signature files SHA256SUMS.gpg in combination with the system keyring - /usr/lib/systemd/import-pubring.gpg or - /etc/systemd/import-pubring.gpg). + /usr/lib/systemd/import-pubring.pgp or + /etc/systemd/import-pubring.pgp). This option is essential to provide integrity guarantees for downloaded resources and thus should be left enabled, outside of test environments. diff --git a/meson.build b/meson.build index 3f5ddccd12e..a468cf1ea1b 100644 --- a/meson.build +++ b/meson.build @@ -320,9 +320,10 @@ conf.set_quoted('USER_CONFIG_UNIT_DIR', pkgsysconfdir / 'u conf.set_quoted('USER_DATA_UNIT_DIR', userunitdir) conf.set_quoted('USER_ENV_GENERATOR_DIR', userenvgeneratordir) conf.set_quoted('USER_GENERATOR_DIR', usergeneratordir) -conf.set_quoted('USER_KEYRING_PATH', pkgsysconfdir / 'import-pubring.gpg') +conf.set_quoted('USER_KEYRING_PATH', pkgsysconfdir / 'import-pubring.pgp') +conf.set_quoted('USER_KEYRING_PATH_LEGACY', pkgsysconfdir / 'import-pubring.gpg') conf.set_quoted('USER_PRESET_DIR', userpresetdir) -conf.set_quoted('VENDOR_KEYRING_PATH', libexecdir / 'import-pubring.gpg') +conf.set_quoted('VENDOR_KEYRING_PATH', libexecdir / 'import-pubring.pgp') conf.set('ANSI_OK_COLOR', 'ANSI_' + get_option('ok-color').underscorify().to_upper()) conf.set10('ENABLE_URLIFY', get_option('urlify')) diff --git a/src/import/import-pubring.gpg b/src/import/import-pubring.pgp similarity index 100% rename from src/import/import-pubring.gpg rename to src/import/import-pubring.pgp diff --git a/src/import/meson.build b/src/import/meson.build index a2bb54992b4..e1670da8174 100644 --- a/src/import/meson.build +++ b/src/import/meson.build 
@@ -109,6 +109,6 @@ install_data('org.freedesktop.import1.service', install_data('org.freedesktop.import1.policy', install_dir : polkitpolicydir) -install_data('import-pubring.gpg', +install_data('import-pubring.pgp', install_dir : libexecdir) # TODO: shouldn't this be in pkgdatadir? diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 67ed640a6f4..40248eee3d8 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -458,6 +458,8 @@ static int verify_gpg( * otherwise. */ if (access(USER_KEYRING_PATH, F_OK) >= 0) cmd[k++] = "--keyring=" USER_KEYRING_PATH; + else if (access(USER_KEYRING_PATH_LEGACY, F_OK) >= 0) + cmd[k++] = "--keyring=" USER_KEYRING_PATH_LEGACY; else cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH; -- 2.47.3
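Review bot: The added `else if` branch in verify_gpg makes `USER_KEYRING_PATH_LEGACY` a second place that can supply the trust anchor for signature verification, yet it is chosen silently and the man page hunks of this same patch now name only the `.pgp` paths. An administrator who audits trusted keys from the documentation could miss a stale `/etc/systemd/import-pubring.gpg` that is still honoured whenever the `.pgp` file is absent. I would state the lookup order (user `.pgp`, legacy user `.gpg`, then vendor) in the comment that ends just above the `if`, and log when the fallback is taken, for example `log_debug("Using legacy keyring %s, please rename it to %s.", USER_KEYRING_PATH_LEGACY, USER_KEYRING_PATH);`. The vendor path gets no such fallback, so a keyring a downstream still installs as `/usr/lib/systemd/import-pubring.gpg` would no longer be found; presumably verification then fails rather than passes, but that is worth confirming. verify_gpg begins and ends outside the hunk, so whether logging is safe at this point has to be checked against the full function.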